Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 787

Remote code execution in Mozilla Firefox and Firefox ESR
CVE-2024-9680

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Animation timeline. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Mozilla Firefox

Remote code execution in Microsoft Management Console
CVE-2024-43572

Input validation error

The vulnerability allows a remote attacker to compromise the affected system

The vulnerability exists due to insufficient validation of Microsoft Saved Console (MSC) files. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Spoofing attack in Microsoft Windows MSHTML Platform and Internet Explorer
CVE-2024-43573

Universal cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Internet Explorer

Multiple vulnerabilities in Ivanti Cloud Services Appliance (CSA)
CVE-2024-9381

Path traversal

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can send a specially crafted HTTP request and compromise the affected system.

Note, the vulnerability is being actively exploited in the wild against Ivanti CSA 4.6 users, according to vendor's advisory. Vulnerability exploitation was chained with previously address vulnerability #VU97617 (CVE-2024-8963).

Software: Ivanti Cloud Services Appliance (CSA)

Multiple vulnerabilities in Ivanti Cloud Services Appliance (CSA)
CVE-2024-9380

OS Command Injection

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote privileged user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Note, the vulnerability is being actively exploited in the wild against Ivanti CSA 4.6 users, according to vendor's advisory. Vulnerability exploitation was chained with previously address vulnerability #VU97617 (CVE-2024-8963).

Software: Ivanti Cloud Services Appliance (CSA)

Multiple vulnerabilities in Ivanti Cloud Services Appliance (CSA)
CVE-2024-9379

SQL injection

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Note, the vulnerability is being actively exploited in the wild against Ivanti CSA 4.6 users, according to vendor's advisory. Vulnerability exploitation was chained with previously address vulnerability #VU97617 (CVE-2024-8963).

Software: Ivanti Cloud Services Appliance (CSA)

Multiple vulnerabilities in Qualcomm chipsets
CVE-2024-43047

Use After Free

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Software: Firmware

Path traversal in Ivanti Cloud Service Appliance
CVE-2024-8963

Path traversal

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote non-authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.

The vulnerability can be exploited along with #VU97119 (CVE-2024-8190) to achieve remote code execution and is being exploited in the wild.

Software: Ivanti Cloud Services Appliance (CSA)

Multiple vulnerabilities in Adobe Acrobat and Reader
CVE-2024-41869

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Adobe Reader

Spoofing attack in Microsoft Windows MSHTML Platform and Internet Explorer
CVE-2024-43461

Spoofing attack

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the way the Internet Explorer displays a user prompt after a file is downloaded. A remote attacker can create a specially crafted filename that causes the true file extension to be hidden, trick the victim into downloading it and potentially compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Internet Explorer

Remote code execution in Microsoft Publisher
CVE-2024-38226

Protection Mechanism Failure

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. An attacker can trick the victim into opening a specially crafted file, bypass Office macro policies restrictions and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Publisher

Security features bypass in Microsoft Windows Mark of the Web
CVE-2024-38217

Protection Mechanism Failure

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. An attacker can trick the victim into downloading a specially crafted file, evade Mark of the Web (MOTW) defenses and bypass security features such as SmartScreen Application Reputation security check and/or the legacy Windows Attachment Services security prompt.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows Installer
CVE-2024-38014

Improper privilege management

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management in Windows Installer. A local user can execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Microsoft Windows Update
CVE-2024-43491

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Microsoft Windows Update services. A remote attacker can send specially crafted traffic to the system, trigger a use-after-free error and execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Kingsoft WPS Office
CVE-2024-7263

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient path validation in promecefpluginhost.exe. A remote attacker can trick the victim into opening a specially crafted spreadsheet document and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.
i

The vulnerability was exploited by a South Korea-aligned cyberespionage group APT-C-60.

Software: WPS Office

Known/fameous malware:

SpyGlace

The vulnerability was exploited by a South Korea-aligned cyberespionage group APT-C-60.

Remote code execution in Kingsoft WPS Office
CVE-2024-7262

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient path validation in promecefpluginhost.exe. A remote attacker can trick the victim into opening a specially crafted spreadsheet document and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability was exploited by a South Korea-aligned cyberespionage group APT-C-60.

Software: WPS Office

Known/fameous malware:

SpyGlace

The vulnerability was exploited by a South Korea-aligned cyberespionage group APT-C-60.

Arbitrary file upload in Versa Networks Director
CVE-2024-39717

Arbitrary file upload

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote authenticated user can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

Software: Versa Director

Multiple vulnerabilities in Google Chrome
CVE-2024-7965

Improperly implemented security check for standard

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Google Chrome
CVE-2024-7971

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Microsoft Project
CVE-2024-38189

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Project

Privilege escalation in Microsoft Windows Power Dependency Coordinator
CVE-2024-38107

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within Windows Power Dependency Coordinator. A local user can trigger a use-after-free error and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Security features bypass in Microsoft Windows
CVE-2024-38213

Protection mechanism failure

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. An attacker can bypass Windows Mark of the Web security feature.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows Ancillary Function Driver for WinSock
CVE-2024-38193

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ancillary function driver for WinSock. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows kernel
CVE-2024-38106

Race condition

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the Windows kernel. A local user can exploit the race and execute arbitrary code with SYSTEM privileges.

Software: Windows

Memory corruption in Microsoft Windows Scripting Engine
CVE-2024-38178

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to open a specially crafted webpage in Microsoft Edge in Internet Explorer mode, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in Google Android
CVE-2024-36971

Use-after-free

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Android

Privilege escalation in Microsoft Windows Hyper-V
CVE-2024-38080

Integer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in Windows Hyper-V component. A local user can trigger an integer overflow and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Spoofing attack in Windows MSHTML Platform
CVE-2024-38112

Exposure of resource to wrong sphere

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation. A remote attacker can perform spoofing attack and trick the victim to execute a specially crafted file.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Internet Explorer

Privilege escalation in Cisco NX-OS Software
CVE-2024-20399

OS Command Injection

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper input validation. A local user can execute arbitrary commands as root on the underlying operating system of an affected device.

Note, the vulnerability is being actively exploited in the wild since of April 2024.

Not patched

Software: Cisco NX-OS

Multiple vulnerabilities in Google Pixel
CVE-2024-32896

Improper input validation

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Pixel Firmwire subcomponent in Pixel. A local application can execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Software: Pixel

Privilege escalation in Arm Mali GPU kernel drivers
CVE-2024-4610

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error caused by improper GPU memory processing operations. A local user can execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver

Information disclosure in Check Point Quantum Gateway
CVE-2024-24919

Path traversal

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a insufficient validation of file path in Security Gateways with IPSec VPN, Remote Access VPN and the Mobile Access software blade. A remote non-authenticated attacker can send a specially crafted HTTP request and view arbitrary files on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Gaia

Backdoor in Justice AV Solutions Viewer software
CVE-2024-4978

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application setup file "Justice AV Solutions Viewer Setup 8.3.7.250-1" downloaded from the official website. A remote attacker to gain unauthorized access to the system.

Note, the vulnerability is being actively exploited in the wild.

Software: JAVS Viewer

Remote code execution in Google Chrome
CVE-2024-5274

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Google Chrome
CVE-2024-4947

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Microsoft Windows MSHTML platform
CVE-2024-30040

Security features bypass

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation within the Windows MSHTML Platform. A remote attacker can trick the victim to open or load a specially crafted file, bypass OLE mitigations in Microsoft 365 and Microsoft Office and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows DWM Core Library
CVE-2024-30051

Heap-based buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows DWM Core Library. A local user can trigger a heap-based buffer overflow and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Google Chrome
CVE-2024-4761

Out-of-bounds write

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Google Chrome
CVE-2024-4671

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Visuals component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Code execution in Cisco Adaptive Security Appliance and Firepower Threat Defense
CVE-2024-20359

Code Injection

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper input validation in a legacy capability that allowed for the preloading of VPN clients and plug-ins. A local user can copy a crafted file to the disk0: file system of an affected device and execute arbitrary code with root privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Cisco Adaptive Security Appliance (ASA)

Denial of service in Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services
CVE-2024-20353

Infinite loop

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when parsing HTTP headers. A remote attacker can send specially crafted HTTP request to the appliance and perform a denial of service (DoS) attack.

Note, the vulnerability is being actively exploited in the wild.

Software: Cisco Adaptive Security Appliance (ASA)

Arbitrary file download in CrushFTP
CVE-2024-4040

External Control of File Name or Path

The vulnerability allows a remote user to delete arbitrary files.

The vulnerability exists due to application allows to access files outside of the virtual file system. A remote authenticated user can read arbitrary system files.

Note, the vulnerability is being exploited in the wild.

Software: CrushFTP

Command Injection in Palo Alto PAN-OS
CVE-2024-3400

Command Injection

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in the GlobalProtect feature. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Palo Alto PAN-OS

Privilege escalation in Microsoft Windows proxy driver
CVE-2024-26234

Improper access control

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions within the proxy driver. A local user can execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

SmartScreen prompt bypass in Microsoft Windows
CVE-2024-29988

Protection mechanism failure

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient implementation of the Mark of the Web (MotW) feature. A remote attacker can supply a malicious file inside an archive to bypass EDR/NDR detection, bypass the SmartScreen prompt and compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in Google Pixel
CVE-2024-29748

Improper input validation

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Pixel Firmware subcomponent in Pixel. A local application can execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Software: Pixel

Multiple vulnerabilities in Google Pixel
CVE-2024-29745

Information exposure

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the bootloader subcomponent in Pixel. A local application can gain access to sensitive information.

Note, the vulnerability is being actively exploited in the wild.

Software: Pixel

Embedded malicious code in XZ Utils
CVE-2024-3094

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the system.

Note, the vulnerability is being actively exploited in the wild.

Not patched

Software: XZ Utils

Privilege escalation in Microsoft Windows Error Reporting Service
CVE-2024-26169

Permissions, Privileges, and Access Controls

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Windows Error Reporting Service, which leads to security restrictions bypass and privilege escalation.

Software: Windows

Known/fameous malware:

Black Basta

Multiple vulnerabilities in Apple iOS 17 and iPadOS 17
CVE-2024-23296

Buffer overflow

The vulnerability allows a local application to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in RTKit. A malicious application can trigger memory corruption and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2024-23225

Buffer overflow

The vulnerability allows a local application to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the OS kernel. A malicious application can trigger memory corruption and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Microsoft Windows Kernel
CVE-2024-21338

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the appid.sys AppLocker driver. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in ConnectWise ScreenConnect
CVE-2024-1709

Authentication bypass using an alternate path or channel

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to improper authentication. A remote non-authenticated attacker can bypass authentication process and gain full access to the system.

Note, the vulnerability is being actively exploited in the wild.

Software: ScreenConnect

Privilege escalation in Microsoft Exchange Server
CVE-2024-21410

Exposure of Resource to Wrong Sphere

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in Microsoft Exchange Server. A remote attacker can target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Two OS command injection vulnerabilities in QNAP QTS and QuTS hero
CVE-2023-50358

OS Command Injection

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote authenticated user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: QNAP QTS

Security restrictions bypass when handling shortcuts in Microsoft Windows
CVE-2024-21412

Security features bypass

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper input validation when handling Internet shortcut files. A remote attacker can trick the victim into clicking on a specially crafted shortcut file and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Security restrictions bypass in Microsoft Windows SmartScreen
CVE-2024-21351

Security features bypass

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper input validation when handling files downloaded from the Internet. A remote attacker can bypass the SmartScreen protection feature and trick the victim into launching a malicious files on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in FortiOS SSL-VPN
CVE-2024-21762

Out-of-bounds write

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing HTTP requests in sslvpnd. A remote attacker can send specially crafted HTTP requests to the SSL-VPN service, trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: FortiOS

Multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways
CVE-2024-21893

Server-Side Request Forgery (SSRF)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input within the SAML component. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Ivanti Connect Secure (formerly Pulse Connect Secure)

Multiple vulnerabilities in Hitron Systems Security Camera DVRs
CVE-2024-23842

Use of default credentials

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Software: DVR LGUVR-16H

Known/fameous malware:

Mirai

Multiple vulnerabilities in Hitron Systems Security Camera DVRs
CVE-2024-22772

Use of default credentials

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Software: DVR LGUVR-8H

Known/fameous malware:

Mirai

Multiple vulnerabilities in Hitron Systems Security Camera DVRs
CVE-2024-22771

Use of default credentials

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Software: DVR LGUVR-4H

Known/fameous malware:

Mirai

Multiple vulnerabilities in Hitron Systems Security Camera DVRs
CVE-2024-22770

Use of default credentials

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Software: DVR HVR-16781

Known/fameous malware:

Mirai

Multiple vulnerabilities in Hitron Systems Security Camera DVRs
CVE-2024-22769

Use of default credentials

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Software: DVR HVR-8781

Known/fameous malware:

Mirai

Multiple vulnerabilities in Hitron Systems Security Camera DVRs
CVE-2024-22768

Use of default credentials

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild by the Mirai botnet.

Software: DVR HVR-4781

Known/fameous malware:

Mirai

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2024-23222

Type confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when processing HTML content. A remote attacker can trick the victim to open a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway
CVE-2023-6549

Buffer overflow

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can send specially crated packets to the system, trigger memory corruption and perform a denial of service (DoS) attack.

Successful exploitation of this vulnerability requires that the device is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAAvirtualserver.

Note, the vulnerability is being actively exploited in the wild.

Software: Citrix NetScaler Gateway

Multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway
CVE-2023-6548

Code Injection

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the management interface. A remote authenticated user can send a specially crafted request to the application and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Citrix NetScaler Gateway

Multiple vulnerabilities in Google Chrome
CVE-2024-0519

Buffer overflow

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in V8 in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways
CVE-2024-21887

OS Command Injection

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote authenticated administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system. However this vulnerability can be exploited by a non-authenticated attacker using authentication bypass vulnerability #VU85286 (CVE-2023-46805).

Note, the vulnerability is being actively exploited in the wild.



Software: Ivanti Connect Secure (formerly Pulse Connect Secure)

Multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways
CVE-2023-46805

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.

Note, the vulnerability is being actively exploited in the wild.

Software: Ivanti Connect Secure (formerly Pulse Connect Secure)

Remote code execution in Barracuda Email Security Gateway Appliance (ESG)
CVE-2023-7102

Exposed dangerous method or function

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation within the third-party Perl library Spreadsheet::ParseExcel used to parse Excel files. A remote attacker can send a specially crafted email with a malicious file inside and execute arbitrary code on the device.

Note, the vulnerability is being actively exploited in the wild.

i

It is believed that behind vulnerability exploitation is the China nexus actor tracked as UNC4841.

Software: Email Security Gateway (ESG)

Known/fameous malware:

SEASPY, SALTWATER

It is believed that behind vulnerability exploitation is the China nexus actor tracked as UNC4841.

Remote code execution in Google Chrome
CVE-2023-7024

Heap-based buffer overflow

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in WebRTC. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Embedded malicious code in Ledger Connect Kit

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to drain crypto assets from users' wallets.

Note, the vulnerability is being actively exploited in the wild.

Software: connect-kit

OS Command Injection in QNAP QVR Firmware
CVE-2023-47565

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within QNAP VioStor NVR models running QVR firmware. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild by the Mirai-based botnet named InfectedSlurs.

Software: QVR

Known/fameous malware:

InfectedSlurs

OS Command Injection in FXC routers
CVE-2023-49897

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote user on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild by the Mirai-based botnet named InfectedSlurs.

Software: AE1021

Known/fameous malware:

InfectedSlurs

Multiple vulnerabilities in Apple iOS 17 and iPadOS 17
CVE-2023-42917

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 17 and iPadOS 17
CVE-2023-42916

Out-of-bounds read

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Google Chrome
CVE-2023-6345

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in Skia component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Use of default credentials in Unitronics Vision Series PLCs and HMIs
CVE-2023-6448

Use of default credentials

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to Unitronics Vision Series PLCs and HMIs use default administrative passwords. A remote attacker with network access to a PLC or HMI can gain administrative control over the system.

Note, the vulnerability is being actively exploited in the wild.


Not patched

Software: Unitronics Vision

Privilege escalation in Microsoft Windows DWM Core Library
CVE-2023-36033

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Windows DWM Core Library. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Software: Windows

Security restrictions bypass in Microsoft Windows SmartScreen
CVE-2023-36025

Security features bypass

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in Windows SmartScreen feature. A remote attacker can trick the victim to click on a specially crafted .url file and execute arbitrary code on the system.

Software: Windows

Privilege escalation in Microsoft Windows Cloud Files Mini Filter Driver
CVE-2023-36036

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Windows Cloud Files Mini Filter Driver. A local user trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Path traversal in SysAid
CVE-2023-47246

Path traversal

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can upload and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild by the Lace Tempest (DEV-0950) actor.

i

The vulnerability was exploited by the Lace Tempest (DEV-0950) APT actor.

Software: SysAid

The vulnerability was exploited by the Lace Tempest (DEV-0950) APT actor.

Multiple vulnerabilities in VMware vCenter Server
CVE-2023-34048

Out-of-bounds write

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the DCERPC protocol implementation. A remote non-authenticated attacker can send a specially crafted RPC request to the vCenter Server, trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild since late 2021.

i

The vulnerability was used since late 2021 by a Chinese threat actor UNC3886.

Software: vCenter Server

Known/fameous malware:

VIRTUALPITA, VIRTUALPIE

The vulnerability was used since late 2021 by a Chinese threat actor UNC3886.

Multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway
CVE-2023-4966

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote non-authenticated attacker can send specially crafted data to the device, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as AAAvirtualserver.

Note, the vulnerability is being actively exploited in the wild since August 2023.

Software: Citrix NetScaler Gateway

Multiple vulnerabilities in Cisco IOS XE Web UI software
CVE-2023-20198

Improper Privilege Management

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper privilege management in the web UI feature. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected device and create an account with privilege level 15 access.

Note, the vulnerability is being actively exploited in the wild.

Software: Cisco IOS XE

Unauthenticated arbitrary file upload in Royal Elementor Addons plugin for WordPress
CVE-2023-5360

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

Software: Royal Elementor Addons

Cross-site scripting in Roundcube
CVE-2023-5631

Cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing SVG files in program/lib/Roundcube/rcube_washtml.php. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note, the vulnerability is being actively exploited in the wild.

Software: Roundcube

Disclosure of NTLM hashes in Microsoft WordPad
CVE-2023-36563

Information disclosure

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to disclosure of NTLM hashes in WordPad. A remote attacker can trick the victim to open a specially crafted file and gain access to sensitive information.

Note, the vulnerability is being exploited in the wild.

Software: Windows

Information disclosure in Skype for Business server
CVE-2023-41763

Information disclosure

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to IP addresses or port numbers or both to the attacker.

Note, the vulnerability is being actively exploited in the wild.

Software: Skype for Business Server

Remote code execution in Confluence Data Center and Server
CVE-2023-22515

Improper Authentication

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authentication at the "/setup/setupadministrator.action" endpoint. A remote non-authenticated attacker can send specially crafted requests to the server to create an administrative account and gain unauthorized access to the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Confluence Data Center

Multiple vulnerabilities in Apple iOS 17 and iPadOS 17
CVE-2023-42824

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Qualcomm firmware
CVE-2023-33063

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error during a remote call from HLOS to DSP. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Firmware

Multiple vulnerabilities in Qualcomm firmware
CVE-2023-33107

Integer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow while assigning shared virtual memory region during IOCTL call. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Firmware

Multiple vulnerabilities in Qualcomm firmware
CVE-2023-33106

Use of Out-of-range Pointer Offset

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Firmware

Multiple vulnerabilities in Google Chrome
CVE-2023-5217

Heap-based buffer overflow

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in vp8 encoding in libvpx. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software
CVE-2023-20109

Out-of-bounds write

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols within the Cisco Group Encrypted Transport VPN (GET VPN) feature. A remote authenticated user with administrative control of either a group member or a key server can trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability has been exploited in the wild.

Software: Cisco IOS

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-41992

Input validation error

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local application can execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Privilege escalation in Trend Micro Apex One and Worry-Free Business
CVE-2023-41179

OS Command Injection

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper input validation within the third-party AV uninstaller module shipped with the software. A local user can execute arbitrary commands with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apex One

Security features bypass in Google Pixel
CVE-2023-4211

Use-after-free

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within Mali GPU Kernel Driver. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Pixel

Privilege escalation in Microsoft Streaming Service Proxy
CVE-2023-36802

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Microsoft Streaming Service Proxy. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Information disclosure in Microsoft Word
CVE-2023-36761

Information disclosure

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application ca reveal sensitive information to a third-party. A remote attacker can trick the victim to open or preview a specially crafted file and obtain NTLM hash of the current account.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Word

Remote code execution in Adobe Acrobat and Reader
CVE-2023-26369

Out-of-bounds write

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Adobe Reader

Remote code execution in Google Chrome
CVE-2023-4863

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing WebP images within libwebp library. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. The vulnerability affects all modern browsers that support WebP image processing.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2023-41061

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Wallet. A remote attacker can trick the victim to open a specially crafted attachment and execute arbitrary code on the system.

Note, the vulnerability is being exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2023-41064

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ImageIO subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Authentication bypass using an alternate path or channel in Cisco Adaptive Security Appliance and Firepower Threat Defense
CVE-2023-20269

Authentication bypass using an alternate path or channel

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. A remote user can perform a brute-force attack and establish a clientless SSL VPN session with an unauthorized user.

Note, the vulnerability is being actively exploited in the wild.

Software: Cisco Adaptive Security Appliance (ASA)

Multiple vulnerabilities in Google Android
CVE-2023-35674

Improper input validation

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Android

API authentication bypass in Ivanti Sentry
CVE-2023-38035

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to missing authentication on certain APIs. A remote attacker can send a specially crafted HTTP request to port 8443/TCP, bypass authentication process and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: MobileIron Sentry

Path traversal in Terrasoft CRM

Path traversal

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote non-authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Note, the vulnerability is being actively exploited in the wild.

Not patched

Denial of service in ASP .NET and Visual Studio
CVE-2023-38180

Input validation error

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send  specially crafted input to the application and perform a denial of service (DoS) attack.

Note, the vulnerability is being actively exploited in the wild.

Software: ASP.NET Core

File extension spoofing in WinRAR
CVE-2023-38831

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of file names inside .zip archives. A remote attacker can create a specially crafted archive that contains executable malicious files and spoof their file extension to look like .jpeg or .txt.

Note, the vulnerability is being actively exploited in the wild as of April 2023.

Software: WinRAR

Known/fameous malware:

DarkMe, GuLoader, RAT

MitM attack in MicroWorld Technologies eScan

Cleartext transmission of sensitive information

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to software uses insecure communication channel within the software update functionality. A remote attacker with ability to intercept network traffic can perform MitM attack during software update and swap the update package with malicious files.

Note, the vulnerability is being actively exploited in the wild.

Software: eScan

Known/fameous malware:

GuptiMiner

Arbitrary file overwrite in Ivanti Endpoint Manager Mobile
CVE-2023-35081

Path traversal

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote privileged user can send a specially crafted HTTP request and overwrite arbitrary files and compromise the affected system.

Note, this vulnerability is being actively exploited in the wild.

Software: Endpoint Manager Mobile (formerly MobileIron Core)

Authentication bypass in Ivanti Endpoint Manager Mobile (formerly MobileIron Core)
CVE-2023-35078

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an unspecified error in the authentication process. A remote attacker can bypass authentication and gain unauthorized access to the application.

Note, the vulnerability is being actively exploited in the wild as per Ivanti customers. The company at the moment did not comment on the incident and concealed all information about this vulnerability.

Software: Endpoint Manager Mobile (formerly MobileIron Core)

Multiple vulnerabilities in Apple iOS 15 and iPadOS 15
CVE-2023-41990

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in FontParser. A remote attacker can trick the victim to open a specially crafted file or visit a malicious website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 15 and iPadOS 15
CVE-2023-38606

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Adobe ColdFusion
CVE-2023-38205

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote non-authenticated attacker can bypass implemented security restrictions and gain unauthorized access to the application.

Note, the vulnerability is being actively exploited in the wild.

Software: ColdFusion

Multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway
CVE-2023-3519

Code Injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. A remote non-authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Citrix Netscaler ADC

Reflected XSS in Zimbra Collaboration Suite
CVE-2023-37580

Cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Zimbra Classic Web Client. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note, the vulnerability is being exploited in the wild.

Software: Zimbra Collaboration

Multiple vulnerabilities in Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication modules
CVE-2023-3595

Out-of-bounds write

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing CIP messages. A remote attacker can send specially crafted CIP messages to ports 44818/TCP or 2222/UDP, trigger an out-of-bounds write and execute arbitrary code.

Note, the vulnerability is most likely being exploited in the wild.

Software: 1756-EN2T Series A

Remote code execution in Microsoft Office and Windows HTML
CVE-2023-36884

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when handling cross-protocol file navigation. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability was exploited by the treat actor Storm-0978 (also known as DEV-0978 or RomCom) against defense and government entities in Europe and North America.

Software: Windows

The vulnerability was exploited by the treat actor Storm-0978 (also known as DEV-0978 or RomCom) against defense and government entities in Europe and North America.

Remote code execution in Microsoft Outlook
CVE-2023-35311

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to click on a specially crafted URL, bypass the Microsoft Outlook Security Notice prompt and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Outlook

Privilege escalation in Microsoft Windows Error Reporting Service
CVE-2023-36874

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Error Reporting Service. A local user can use a specially crafted performance trace to trigger memory corruption and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Security restrictions bypass in Windows SmartScreen
CVE-2023-32049

Security features bypass

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper validation of URLs in Windows SmartScreen. A remote attacker can trick the victim to visit a specially crafted URL, bypass the Open File - Security Warning prompt and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Windows MSHTML Platform
CVE-2023-32046

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in Windows MSHTML Platform. A remote attacker can trick the victim to open a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Internet Explorer

Remote code execution in Apple iOS 16 and iPadOS 16
CVE-2023-37450

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Improper authorization in Ultimate Member plugin for WordPress
CVE-2023-3460

Improper Authorization

The vulnerability allows a remote attacker to compromise the affected website.

The vulnerability exists due to improper authorization within the registration functionality. A remote non-authenticated attacker can register a rouge administrative account and compromise the web application.

Note, the vulnerability is being actively exploited in the wild.

Software: Ultimate Member – User Profile & Membership Plugin

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2023-32435

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2023-32439

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to open a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2023-32434

Integer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an integer overflow within the OS kernel. A local application can trigger an integer overflow and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Google Pixel
CVE-2023-21237

Information exposure

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Note, the vulnerability is being actively exploited in the wild.

Software: Pixel

Authentication bypass in VMware Tools
CVE-2023-20867

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the vgauth module. An attacker who compromised the ESXi host can bypass authentication process and execute privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs.

Note, the vulnerability is being actively exploited in the wild by the UNC3886 APT actor.

i

The vulnerability is known to be exploited by the UNC3886 APT actor.

Software: VMware Tools

The vulnerability is known to be exploited by the UNC3886 APT actor.

Unauthenticated remote code execution in FortiOS and FortiProxy SSL-VPN
CVE-2023-27997

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the SSL-VPN feature. A remote non-authenticated attacker can send specially crafted requests to the SSL-VPN interface, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: FortiOS

Remote code execution in acme.sh
CVE-2023-38198

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when parsing certificates. A remote attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Note, exploitation of this vulnerability has been observed in the wild by compromised HiCA servers.

i

The vulnerability was exploited through the Chinese intermediary HiCA who claims to be compromised.

Software: acme.sh

The vulnerability was exploited through the Chinese intermediary HiCA who claims to be compromised.

Remote code execution in Google Chrome
CVE-2023-3079

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

SQL injection in MOVEit Transfer
CVE-2023-34362

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Note, the vulnerability is being actively exploited in the wild.

Software: MOVEit Transfer

Backdoor in Gigabyte UEFI firmware

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the system.

The vulnerability exists due to presence of embedded malicious functionality (aka backdoor) in the UEFI firmware that was downloaded from the official website using the Gigabyte's App Center. This allows a remote attacker to gain full control over the system.

Note, the vulnerability is being actively exploited in the wild.

Software: UEFI firmware

Missing authorization in Emby Server

Missing Authorization

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure default configuration. A remote non-authenticated attacker can send a specially crafted request to the server and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Emby Server

Remote code execution in Barracuda Email Security Gateway appliance (ESG)
CVE-2023-2868

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing .tar archives during email attachment screening. A remote unauthenticated attacker can send a specially crafted email with a malicious attachment to the appliance and execute arbitrary Perl commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Email Security Gateway (ESG)

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-32373

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-28204

Out-of-bounds read

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in WebKit. A remote attacker can trick the victim to visit a specially crafted webpage, trigger an out-of-bounds read error and read contents of memory on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-32409

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger memory corruption and break out of Web Content sandbox.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Secure boot bypass in Microsoft Windows
CVE-2023-24932

Security features bypass

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improper implementation of the Secure Boot feature. An attacker with physical access to the system or a local user with Administrative rights can bypass Secure Boot.

Software: Windows

Privilege escalation in Microsoft Windows Win32k driver
CVE-2023-29336

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k driver. A local user can trigger a use-after-free error and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in Samsung Mobile Firmware
CVE-2023-21492

Inclusion of sensitive information in log files

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to kernel pointers are printed into the log file. A local application can read the log file and use the kernel pointers to bypass ASLR protection.

Note, the vulnerability is being exploited in the wild.

Software: Samsung Mobile Firmware

Multiple vulnerabilities in Google Chrome
CVE-2023-2136

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in Skia component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Google Chrome
CVE-2023-2033

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Privilege escalation in Microsoft Windows Common Log File System Driver
CVE-2023-28252

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Windows Common Log File System Driver. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

i

According to Kaspersky, the vulnerability has been exploited in February 2023 against small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions.

Software: Windows

Known/fameous malware:

Nokoyawa ransomware

According to Kaspersky, the vulnerability has been exploited in February 2023 against small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions.

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-28205

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-28206

Out-of-bounds write

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOSurfaceAccelerator. A local application can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Backdoor in 3CX Electron desktop app for Windows and Mac
CVE-2023-29059

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.


Software: Electron Mac App, Electron Windows App

Information disclosure in ARM Mali GPU kernel drivers
CVE-2023-26083

Memory leak

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due memory leak. A local application can force the driver to leak memory and gain access to sensitive information.

Note, this vulnerability is being actively exploited in the wild.

Not patched
i

The vulnerability was used as part of exploitation chain against Samsung Internet Browser and targeted victims in December 2022 with one-time links sent via SMS to devices located in the United Arab Emirates (UAE).

Software: Valhall GPU Kernel Driver, Bifrost GPU Kernel Driver, Midgard GPU Kernel Driver

The vulnerability was used as part of exploitation chain against Samsung Internet Browser and targeted victims in December 2022 with one-time links sent via SMS to devices located in the United Arab Emirates (UAE).

Remote code execution in Dream Security MagicLine4NX
CVE-2023-45797

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: MagicLine4NX

Remote code execution in General Bytes Crypto Application Server (CAS)

Improper access control

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions in the master service interface on port 7741/TCP. A remote attacker can send a specially crafted request to the affected server and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Crypto Application Server (CAS)

Remote code execution in General Bytes Crypto Application Server (CAS)
CVE-2023-26360

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

Note, the vulnerability is being actively exploited in the wild.

Software: ColdFusion

Multiple vulnerabilities in Adobe ColdFusion
CVE-2023-26359

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: ColdFusion

Net-NTLMv2 hash leak in Microsoft Outlook
CVE-2023-23397

Information disclosure

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to the application leaks the Net-NTLMv2 hash. A remote attacker can send a specially crafted email to the victim and obtain the Net-NTLMv2 hash of the Windows account. The victim does not need to open the email, as the vulnerability is triggered automatically when it is retrieved and processed by the email server, e.g. before the email is viewed in the preview pane.

The obtained NTLMv2 hash can be used in the NTLM Relay attack against another service to authenticate as the user.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Outlook

SmartScreen security feature bypass in Microsoft Windows
CVE-2023-24880

Security features bypass

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Windows SmartScreen Security Feature. A remote attacker can trick the victim to open a specially crafted file and bypass the Mark of the Web (MOTW) defenses.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in FortiOS
CVE-2022-41328

Path traversal

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing certain CLI command. A local user can read and write arbitrary files on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: FortiOS

Multiple vulnerabilities in Google Android
CVE-2023-20963

Permissions, Privileges, and Access Controls

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in Android Framework. A local application can escalate privileges on the device.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Android

Known/fameous malware:

Pinduoduo backdoor

Privilege escalation in Microsoft Windows Graphics Component
CVE-2023-21823

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Graphics Component. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Windows Common Log File System Driver
CVE-2023-23376

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Windows Common Log File System Driver. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Microsoft Publisher
CVE-2023-21715

Security features bypass

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to unspecified error when processing files. A remote attacker can trick the victim to open a specially crafted file, bypass Office macro policies used to block untrusted or malicious files and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.


Software: Microsoft Publisher

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-23529

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when parsing web content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Known/fameous malware:

PWNYOURHOME

Remote code execution in GoAnywhere MFT
CVE-2023-0669

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data passed to the "/goanywhere/lic/accept" HTTP endpoint of the administrative web interface. A remote attacker can send a specially crafted HTTP request to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: GoAnywhere MFT

Use-after-free in Linux kernel
CVE-2023-0266

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_ctl_elem_read() function in the Linux kernel sound subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

i

In December 2022 a complete exploit chain was discovered consisting of multiple 0-days and n-days targeting the latest version of Samsung Internet Browser. The exploits were delivered in one-time links sent via SMS to devices located in the United Arab Emirates (UAE).

The link directed users to a landing page identical to the one Google TAG examined in the Heliconia framework developed by commercial spyware vendor Variston. The exploit chain ultimately delivered a fully featured Android spyware suite written in C++ that includes libraries for decrypting and capturing data from various chat and browser applications. The actor using the exploit chain to target UAE users may be a customer or partner of Variston, or otherwise working closely with the spyware vendor.

Software: Linux kernel

In December 2022 a complete exploit chain was discovered consisting of multiple 0-days and n-days targeting the latest version of Samsung Internet Browser. The exploits were delivered in one-time links sent via SMS to devices located in the United Arab Emirates (UAE).

The link directed users to a landing page identical to the one Google TAG examined in the Heliconia framework developed by commercial spyware vendor Variston. The exploit chain ultimately delivered a fully featured Android spyware suite written in C++ that includes libraries for decrypting and capturing data from various chat and browser applications. The actor using the exploit chain to target UAE users may be a customer or partner of Variston, or otherwise working closely with the spyware vendor.

Privilege escalation in Windows Advanced Local Procedure Call (ALPC)
CVE-2023-21674

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Advanced Local Procedure Call (ALPC). A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Apple iOS
CVE-2022-42856

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Remote code execution in Citrix ADC and Citrix Gateway
CVE-2022-27518

Improper control of a resource through its lifetime

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions in systems configured as a SAML SP or a SAML IdP. A remote non-authenticated attacker can gain unauthorized access to the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Citrix Access Gateway

SmartScreen MOTW bypass in Microsoft Windows
CVE-2022-44698

Security features bypass

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in Windows SmartScreen. A remote attacker can bypass Mark of the Web (MOTW) defenses and potentially compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in FortiOS sslvpnd
CVE-2022-42475

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the sslvpnd daemon. A remote non-authenticated attacker can pass specially crafted data to the SSL-VPN interface, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: FortiOS

Remote code execution in Google Chrome
CVE-2022-4262

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Google Chrome
CVE-2022-4135

Heap-based buffer overflow

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in GPU. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Microsoft Windows Mark of the Web
CVE-2022-41091

Security features bypass

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to security features bypass in Windows Mark of the Web functionality. A remote attacker can trick a victim to open a specially crafted file and bypass Protected View in Microsoft Office, as demonstrated using a specially crafted ZIP archive.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows CNG Key Isolation Service
CVE-2022-41125

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows CNG Key Isolation Service. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Microsoft Windows Scripting Languages
CVE-2022-41128

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within the JScript9 engine. A remote attacker can trick the victim into visiting a malicious website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability was exploited by APT37 in late October 2022 against South Korea.

Software: Windows

The vulnerability was exploited by APT37 in late October 2022 against South Korea.

Privilege escalation in Microsoft Windows Print Spooler service
CVE-2022-41073

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Print Spooler. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in Apple iOS 15 and iPadOS 15
CVE-2022-48618

Improper authentication

The vulnerability allows a local application to compromise the affected system.

The vulnerability exists due to an error within the OS kernel. A local application or user with arbitrary read and write capability can bypass Pointer Authentication and compromise the affected system.

Note, the vulnerability is being actively exploited in the wild against versions of iOS released before iOS 15.7.1.

Software: Apple iOS

Remote code execution in Google Chrome
CVE-2022-3723

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2022-42827

Out-of-bounds write

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Privilege escalation in Microsoft Windows COM+ Event System Service
CVE-2022-41033

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows COM+ Event System Service. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Arbitrary file upload in bingo!CMS
CVE-2022-42458

Missing Authorization

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authorization in the management functionality responsible for file uploads. A remote non-authenticated attacker can upload a malicious file on the server and execute it.

Successful exploitation of the vulnerability may result in full system compromise.

Note, the vulnerability is being exploited in the wild.

Software: bingo!CMS

Remote code execution in Microsoft Exchange Server
CVE-2022-41040

Server-Side Request Forgery (SSRF)

The disclosed vulnerability allows a remote user to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input within the Exchange OWA  Autodiscover service.. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Remote code execution in Microsoft Exchange Server
CVE-2022-41082

Deserialization of Untrusted Data

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote user with access to PowerShell Remoting on vulnerable Exchange systems can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Software: Microsoft Exchange Server

Remote code execution in Sophos Firewall
CVE-2022-3236

Code Injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the User Portal and Webadmin interfaces of Sophos Firewall. A remote non-authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Sophos Firewall

Privilege escalation in Microsoft Windows common log file system driver
CVE-2022-37969

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local unprivileged user can run a specially crafted program to trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in Trend Micro Apex One
CVE-2022-40139

Insufficient verification of data authenticity

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to improper input validation within the rollback functionality. A remote authenticated user with access to the administrative console can force the agent into downloading unverified rollback components and compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apex One

Multiple vulnerabilities in Apple macOS Monterey
CVE-2022-32917

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Remote code execution in WPGateway plugin for WordPress
CVE-2022-3180

Improper Authorization

The vulnerability allows a remote attacker to compromise the web application.

The vulnerability exists due to missing authorization checks. A remote non-authenticated attacker can send a specially crafted request to the affected plugin and add an administrative user account into your WordPress installation.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary PHP code on the server.

Note, the vulnerability is being actively exploited in the wild as of September 8.

Not patched

Software: WPGateway

Arbitrary file read in BackupBuddy WordPress plugin
CVE-2022-31474

Improper Authorization

The vulnerability allows a remote attacker to download arbitrary files from the server.

The vulnerability exists due to missing authorization for the feature responsible for remote downloading remote backups. A remote non-authenticated attacker can download arbitrary files from the server. 

Note, the vulnerability is being actively exploited in the wild.

Software: BackupBuddy

Remote code execution in Photo Station
CVE-2022-27593

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to unspecified vulnerability. A remote non-authenticated attacker can send a specially crafted request to the affected system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild by the DeadBolt ransomware.

Software: Photo Station

Known/fameous malware:

DeadBolt

Remote code execution in Google Chrome
CVE-2022-3075

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the Mojo component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Improper access control in General Bytes Crypto Application Server (CAS)

Improper access control

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions to the default installation page. A remote attacker can connect to the default installation URL and create an administrative user account.

Note, the vulnerability is being active exploited in the wild.

Software: Crypto Application Server (CAS)

Multiple vulnerabilities in Apple macOS Monterey
CVE-2022-32893

Out-of-bounds write

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in Apple macOS Monterey
CVE-2022-32894

Out-of-bounds write

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code on the system with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in Google Chrome
CVE-2022-2856

Input validation error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Intents component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Microsoft Windows Support Diagnostic Tool (MSDT)
CVE-2022-34713

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Windows Support Diagnostic Tool (MSDT) when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows CSRSS
CVE-2022-22047

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Microsoft Windows Client/Server Runtime Subsystem (CSRSS). A local user can run a specially crafted program to execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Google Chrome
CVE-2022-2294

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within WebRTC implementation. A remote attacker can trick the victim ti visit a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability was reported to Google by the Avast Threat Intelligence team on 2022-07-01.

Software: Google Chrome

The vulnerability was reported to Google by the Avast Threat Intelligence team on 2022-07-01.

Remote code execution in Mitel MiVoice Connect
CVE-2022-29499

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances – SA 100, SA 400, and Virtual SA). A remote unauthenticated attacker can send a specially crafted HTTP GET request to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Not patched

Software: MiVoice Connect

Remote code execution in Atlassian Confluence Server
CVE-2022-26134

Code Injection

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when processing OGNL expressions. A remote non-authenticated attacker can send a specially crafted request to the Confluence Server and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Atlassian Confluence Server

Remote code execution in Microsoft Windows
CVE-2022-30190

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing URL within the Microsoft Windows Support Diagnostic Tool (MSDT). A remote unauthenticated attacker can trick the victim to open a specially crafted file, which calls the ms-msdt tool and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

UPDATED

The vulnerability resides within MSTD and not in Microsoft Word. Microsoft Word is an attack vector and not the source of vulnerability.

i


Software: Microsoft Word


Improper access restrictions in Cisco IOS XR
CVE-2022-20821

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to unrestricted access to the Redis instance running within the NOSi container, accessible via port 6379/tcp (the health check RPM opens this port by default). A remote non-authenticated attacker can connect to the Redis instance and obtain sensitive information or modify it.

Note, the vulnerability is being actively exploited in the wild.

Software: Cisco IOS XR

Spoofing attack in Microsoft Windows LSA
CVE-2022-26925

Man-in-the-Middle (MitM) attack

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists within the Windows LSA service. A remote attacker can call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. As a result, an attacker can obtain credentials and compromise the affected system via the NTLM Relay Attack.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Google Chrome
CVE-2022-1364

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in V8 engine in Google Chrome. A remote attacker can trick the victim to visit a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Privilege escalation in Microsoft Windows common log file system driver
CVE-2022-24521

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in Apple macOS Monterey
CVE-2022-22674

Out-of-bounds read

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within Intel Graphics Driver. A local user can  trigger an out-of-bounds read error and read contents of kernel memory.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in Apple macOS Monterey
CVE-2022-22675

Out-of-bounds write

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the AppleAVD subsystem. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Remote code execution in Trend Micro Apex Central
CVE-2022-26871

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to improper access restrictions in the Trend Micro Apex Central management console. A remote non-authenticated attacker can upload arbitrary file to the system and execute it.

Note, the vulnerability is being actively exploited in the wild.

Software: Apex Central

Remote code execution in Spring Framework
CVE-2022-22965

Code Injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted HTTP request to the affected application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

This vulnerability was dubbed "Spring4Shell".

Software: Pivotal Spring Framework

Information disclosure in VMware vCenter Server
CVE-2022-22948

Incorrect default permissions

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions for files. A local user with access to the system can view contents of certain files.

Software: vCenter Server

Remote code execution in Sophos Firewall
CVE-2022-1040

Input validation error

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to insufficient validation of user-supplied input in the User Portal and Webadmin. A remote attacker can send specially crafted requests to the web interface and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected device.

Note, the vulnerability is being actively exploited in the wild.

i

Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region.

Software: Sophos Firewall

Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region.

Remote code execution in Google Chrome
CVE-2022-1096

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Mozilla Firefox
CVE-2022-26486

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing messages in the WebGPU IPC framework. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Mozilla Firefox

Remote code execution in Mozilla Firefox
CVE-2022-26485

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing XSLT parameter. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Mozilla Firefox

Multiple vulnerabilities in Google Chrome
CVE-2022-0609

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Magento
CVE-2022-24086

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote unauthenticated attacker can send  a specially crafted HTTP POST request to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Software: Adobe Commerce (formerly Magento Commerce)

Remote code execution in Apple iOS and iPadOS
CVE-2022-22620

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Cross-site scripting in Zimbra
CVE-2022-24682

Cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note, the vulnerability is being actively exploited in the wild in the targeted attacks aimed to exfiltrated data.

Software: Zimbra Collaboration

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2022-22587

Buffer overflow

The vulnerability allows a malicious application to execute arbitrary code with elevated privileges.

The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A malicious application can trigger buffer overflow and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Microsoft Win32k
CVE-2022-21882

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k.sys driver. A local user can run a specially crafted program to trigger a buffer overflow and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in FreePBX Phone Apps module
CVE-2021-45461

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in the Phone Apps (restapps) module for FreePBX. A remote attacker can send specially crafted input to the application and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Phone Apps

Multiple vulnerabilities in Google Chrome
CVE-2021-4102

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the V8 engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Code injection in Ivanti Endpoint Manager
CVE-2021-44529

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) within the "/opt/landesk/broker/webroot/lib/csrf-magic.php" file. A remote non-authenticated attacker can set specially crafted cookies and gain unauthorized access to the application.

Note, the vulnerability patched in 2021 by Ivanti is considered a backdoor.

i

This entry was added only on 19.2.2024. The vulnerability was addressed by the vendor on 02.12.2021, however it was not disclosued as a backdoor or a zero-day.

Software: Endpoint Manager

This entry was added only on 19.2.2024. The vulnerability was addressed by the vendor on 02.12.2021, however it was not disclosued as a backdoor or a zero-day.

Privilege escalation in Microsoft Windows
CVE-2021-43890

Permissions, Privileges, and Access Controls

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect permissions in windows installer service. A local user can run a specially crafted program to execute arbitrary code with SYSTEM privileges.

The vulnerability exists due to incomplete patch for #VU58061 (CVE-2021-41379).

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Known/fameous malware:

Emotet, Trickbot, Bazaloader

Arbitrary file upload in FatPipe WARP, MPVPN and IPVPN

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in the web management interface. A remote attacker can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability allows multiple APT actors to gain access to an unrestricted file upload function and execute arbitrary code on the system.

Software: IPVPN, MPVPN, WARP

The vulnerability allows multiple APT actors to gain access to an unrestricted file upload function and execute arbitrary code on the system.

Remote code execution in Microsoft Excel
CVE-2021-42292

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when processing Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it and execute arbitrary code on the system.

Note, the vulnerability is being exploited in the wild.

Software: Microsoft Office

Remote code execution in Microsoft Exchange Server
CVE-2021-42321

Input validation error

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of cmdlet arguments. A remote user can run a specially crafted cmdlet and execute arbitrary commands on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Privilege escalation in Google Android
CVE-2021-1048

Use-after-free

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Android kernel component within the epoll_loop_check_proc() function. A malicious application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Android

Multiple vulnerabilities in Google Chrome
CVE-2021-38003

Improperly implemented security check for standard

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Google Chrome
CVE-2021-38000

Exposed dangerous method or function

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure implementation in V8 engine in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

SQL injection in BQE BillQuick Web Suite
CVE-2021-42258

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability allows a remote attacker to cause SQL injection, leading to remote code execution.

Software: BillQuick Web Suite

The vulnerability allows a remote attacker to cause SQL injection, leading to remote code execution.

Privilege escalation in Microsoft Windows kernel
CVE-2021-40449

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k NtGdiResetDC function in Microsoft Windows kernel. A local user can run a specially crafted program to trigger a use-after-free error, when the function ResetDC is executed a second time for the same handle during execution of its own callback, and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.
i

A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a previously unknown remote access trojan (RAT).

The attacks were noticed in late August and September 2021

Software: Windows

Known/fameous malware:

MysterySnail

A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a previously unknown remote access trojan (RAT).

The attacks were noticed in late August and September 2021

Privilege escalation in Apple iOS and iPadOS
CVE-2021-30883

Integer overflow

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A malicious application can trigger integer overflow and execute arbitrary code on with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.



Software: Apple iOS

Multiple vulnerabilities in Apache HTTP Server
CVE-2021-41773

Path traversal

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts.

The vulnerability can be used to execute arbitrary OS commands on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apache HTTP Server

Multiple vulnerabilities in Google Chrome
CVE-2021-37976

Information disclosure

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in core in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and gain access to sensitive information.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Google Chrome
CVE-2021-37975

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Google Chrome
CVE-2021-37973

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content within the Portals component in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Privilege escalation in Apple macOS Catalina
CVE-2021-30869

Type Confusion

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the XNU subsystem. A local user can run a specially crafted program to trigger a type confusion error and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in Apple macOS Big Sur
CVE-2021-31010

Deserialization of Untrusted Data

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insecure input validation when processing serialized data within the Core Telephony service. A local application can pass specially crafted data to the service and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Remote code execution in EntroLink PPX-AnyLink devices

Code Injection

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote administrator can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.
Not patched
i

The vulnerability was used by multiple ransomware gangs to remotely execute code to PPX-AnyLink devices 

Software: PPX-AnyLink 6004, PPX-AnyLink 6006, PPX-AnyLink 6900F, PPX-AnyLink 6900, PPX-AnyLink 6904, PPX-AnyLink 8000

The vulnerability was used by multiple ransomware gangs to remotely execute code to PPX-AnyLink devices 

Multiple vulnerabilities in Google Chrome
CVE-2021-30633

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Indexed DB API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in-the-wild.

Software: Google Chrome

Multiple vulnerabilities in Google Chrome
CVE-2021-30632

Out-of-bounds write

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in-the-wild.

Software: Google Chrome

Remote code execution in Apple iOS
CVE-2021-30858

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in-the-wild.

Software: Apple iOS

Remote code execution in Zoho ADSelfService Plus
CVE-2021-40539

Improper access control

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions to the "/RestAPI/LogonCustomization" and "/RestAPI/Connection" REST API endpoints. A remote non-authenticated attacker can send specially HTTP requests to the aforementioned REST API endpoints and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Zoho ManageEngine ADSelfService Plus

Remote code execution in Microsoft MSHTML
CVE-2021-40444

Code Injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the MSHTML component. A remote attacker can create a specially crafted Office document with a malicious ActiveX control inside, trick the victim into opening the document and execute arbitrary code on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Apple iOS
CVE-2021-30860

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim to open a specially crafted PDF file, trigger integer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being active exploited in-the-wild via the FORCEDENTRY tool against Bahraini activists.

i

The vulnerability is believed to be used against Bahraini activists.

Software: Apple iOS

Known/fameous malware:

FORCEDENTRY

The vulnerability is believed to be used against Bahraini activists.

Privilege escalation in Microsoft Windows Update Medic Service
CVE-2021-36948

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Update Medic Service. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in Trend Micro Apex One
CVE-2021-36742

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arability code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apex One

Multiple vulnerabilities in Trend Micro Apex One
CVE-2021-36741

Arbitrary file upload

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload within the product’s management console . A remote user can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

Software: Apex One

Privilege escalation in Apple iOS and iPadOS
CVE-2021-30807

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary within the IOMobileFrameBuffer subsystem. A local application can trigger memory corruption and execute arbitrary code on the target system with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Google Chrome
CVE-2021-30563

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

SQL injection in WooCommerce and WooCommerce Blocks plugin
CVE-2021-32789

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability was used to compromise WooCommerce plugin.

Software: WooCommerce

The vulnerability was used to compromise WooCommerce plugin.

Privilege escalation in Microsoft Windows kernel
CVE-2021-31979

Buffer overflow

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Microsoft Scripting Engine
CVE-2021-34448

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in Microsoft scripting engine. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows kernel
CVE-2021-33771

Buffer overflow

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in SolarWinds Serv-U
CVE-2021-35211

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can send a specially crafted request to the Serv-U server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

i

Microsoft’s research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor.

Software: Serv-U FTP Server

Microsoft’s research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor.

Remote code execution in Kaseya VSA
CVE-2021-30116

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to unspecified error. A remote attacker can compromise the affected system.

Note, the vulnerability is being actively exploited in the wild by the REvil ransomware.

Not patched

Software: Kaseya VSA

Known/fameous malware:

REvil

Remote code execution in Microsoft Windows Print Spooler
CVE-2021-34527

Code Injection

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the RpcAddPrinterDriverEx() function. A remote user can send a specially crafted request to the Windows Print Spooler and execute arbitrary code with SYSTEM privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being considered a zero-day and dubbed PrintNightmare. This is a different vulnerability than #VU54508 (CVE-2021-1675).


i

The PoC-code for this vulnerability was being made publicly available by mistake before official patch release. The vulnerability is considered a zero-day.

Software: Windows Server

The PoC-code for this vulnerability was being made publicly available by mistake before official patch release. The vulnerability is considered a zero-day.

Improper access control in WD My Book Live and WD My Book Live Duo
CVE-2021-35941

Improper access control

The vulnerability allows a remote attacker to delete all data on the system.

The vulnerability exists due to improper access restrictions to the administrator API. A remote non-authenticated attacker can send a specially crafted HTTP request to the exposed API and perform a system factory restore, deleting all data on the NAS device.

Note, the vulnerability is being actively exploited in the wild along with vulnerability #VU15460.

Not patched
i


Software: WD My Book Live Duo, WD My Book Live


Multiple vulnerabilities in Google Chrome
CVE-2021-30554

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the WebGL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Apple iOS 12
CVE-2021-30762

Use-after-free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within the WebKit component in Apple iOS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 12
CVE-2021-30761

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within the WebKit component in Apple iOS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

i


Software: Apple iOS


Multiple vulnerabilities in Google Chrome
CVE-2021-30551

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Privilege escalation in Microsoft Enhanced Cryptographic Provider
CVE-2021-31201

Security restrictions bypass

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in Microsoft Enhanced Cryptographic Provider. A local user can bypass implemented security restrictions and read or modify otherwise restricted information.

Note, the vulnerability is being actively exploited in the wild and related to a zero-day vulnerability in Adobe Reader #VU53125 (CVE-2021-28550) patched on May 11.

Software: Windows

Privilege escalation in Microsoft Enhanced Cryptographic Provider
CVE-2021-31199

Security restrictions bypass

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in Microsoft Enhanced Cryptographic Provider. A local user can bypass implemented security restrictions and read or modify otherwise restricted information.

Note, the vulnerability is being actively exploited in the wild and related to a zero-day vulnerability in Adobe Reader #VU53125 (CVE-2021-28550) patched on May 11.

Software: Windows

Remote code execution in Microsoft DWM Core Library
CVE-2021-33739

Improper Privilege Management

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper privilege management within the Microsoft DWM Core Library. A remote attacker can trick the victim to run a specially crafted executable or script and execute arbitrary code on the system.

i

The vulnerability was reported by DBAPPSecurity Lieying Lab.

Software: Windows

The vulnerability was reported by DBAPPSecurity Lieying Lab.

Remote code execution in Windows MSHTML Platform
CVE-2021-33742

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within Windows MSHTML Platform. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

i

The vulnerability was reported by Google’s Threat Analysis Group.

Software: Windows

The vulnerability was reported by Google’s Threat Analysis Group.

Privilege escalation in Microsoft Windows NTFS
CVE-2021-31956

Permissions, Privileges, and Access Controls

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists within the NTFS subsystem in Microsoft Windows. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

i

The vulnerability was reported to Microsoft by Kaspersky Lab.

Software: Windows

The vulnerability was reported to Microsoft by Kaspersky Lab.

OS Kernel information disclosure Microsoft Windows
CVE-2021-31955

Improper Privilege Management

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper privilege management. A local unprivileged user can read contents of Kernel memory from a user mode process.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability was reported to Microsoft by Kaspersky Lab.

Software: Windows

The vulnerability was reported to Microsoft by Kaspersky Lab.

Arbitrary file upload in Fancy Product Designer plugin for WordPress
CVE-2021-24370

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in "wp-admin" or "wp-content/plugins/fancy-product-designer/inc". A remote attacker can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability was used to upload arbitrary files on the target system.

Software: Fancy Product Designer

The vulnerability was used to upload arbitrary files on the target system.

Multiple vulnerabilities in Apple macOS Big Sur
CVE-2021-30713

Input validation error

The vulnerability allows a local user to bypass Privacy preferences.

The vulnerability exists due to insufficient validation of user-supplied input within the TCC subsystem. A malicious application can  bypass Privacy preferences and gain full disk access, perform screen recording or gain other permissions without requiring user's explicit consent.

Note, the vulnerability is being actively exploited in the wild by XCSSET malware.

Software: macOS

Known/fameous malware:

XCSSET

Multiple vulnerabilities in Adobe Reader and Acrobat
CVE-2021-28550

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Adobe Reader

Multiple vulnerabilities in Google Android
CVE-2021-1906

Detection of Error Condition Without Action

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the Graphics component. A local user can trigger a new GPU address allocation failure and perform a denial of service attack.

Note, the vulnerability is being used in limited targeted attacks.

Software: Google Android

Multiple vulnerabilities in Google Android
CVE-2021-1905

Use-after-free

The vulnerability allows a local user to escalate privileges on the system

The vulnerability exists due to a use-after-free error in Graphics component when handling memory mapping of multiple processes simultaneously. A local user can escalate privileges on the system.

Note, the vulnerability is being used in limited targeted attacks.

Software: Google Android

Multiple vulnerabilities in Google Android
CVE-2021-28664

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0. A local application can trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Android

Multiple vulnerabilities in Google Android
CVE-2021-28663

Use-after-free

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. A local application can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Android

Multiple vulnerabilities in Apple iOS 12.x
CVE-2021-30666

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple macOS
CVE-2021-30663

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in Apple macOS
CVE-2021-30665

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in macOS
CVE-2021-30661

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing web content within the WebKit Storage component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in macOS
CVE-2021-30657

Security features bypass

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic issue within the Gatekeeper checks. A remote attacker can craft a specially crafted payload that is not checked by Gatekeeper and bypasses File Quarantine and Application Notarization protections as well. As a result, a malicious binary can be executed on the system.

Note, the vulnerability is being actively exploited in the wild.

i

The Jamf Protect detections team observed this exploit being used in the wild by a variant of the Shlayer adware dropper, as early as January 9th, 2021.

Software: macOS

Known/fameous malware:

Shlayer

The Jamf Protect detections team observed this exploit being used in the wild by a variant of the Shlayer adware dropper, as early as January 9th, 2021.

Path traversal in SonicWall Email Security
CVE-2021-20023

Path traversal

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the "branding"  feature. A remote authenticated user can send a specially crafted HTTP request and read arbitrary files on the system with NT AUTHORITY\SYSTEM account.

Request example:

https://<SonicWall ES host>/dload_apps?action=<any value>&path=..%2F..%2F..%2F..%2F..%2Fwindows%2Fsystem32%2Fcalc.exe&id=update

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability was used in a chained attack to compromise the vulnerable systems.

Software: SonicWall On-premise Email Security (ES)

The vulnerability was used in a chained attack to compromise the vulnerable systems.

Multiple vulnerabilities in Google Chrome
CVE-2021-21224

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Pulse Connect Secure
CVE-2021-22893

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process and compromise the affected device.

The vulnerability exists due to multiple issues in web interface. A remote non-authenticated attacker can bypass authentication process and gain unauthorized access to the application via license server web services.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Ivanti Connect Secure (formerly Pulse Connect Secure)

Privilege escalation in Microsoft Windows
CVE-2021-28310

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within win32k.sys driver in Microsoft Windows. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in SonicWall On-premise Email Security (ES) and Hosted Email Security (HES)
CVE-2021-20022

Arbitrary file upload

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload within the branding feature. A remote administrator can upload a malicious ZIP archive to the system to an arbitrary location using directory traversal sequences in the filenames inside the uploaded archive and compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability was used in a chained attack to compromise the affected system.

Software: SonicWall On-premise Email Security (ES)

The vulnerability was used in a chained attack to compromise the affected system.

Multiple vulnerabilities in SonicWall On-premise Email Security (ES) and Hosted Email Security (HES)
CVE-2021-20021

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests within the "/createou?data=", responsible for administration capabilities, specifically within the feature that allows application administrators to authorize an additional administrator account from a separate Microsoft Active Directory Organization Unit (AD OU). Requests to this form are not verified to require previous authentication to the appliance. A remote non-authenticated attacker can send a specially crafted XML document via HTTP GET or POST method, create a “role.ouadmin” account and authenticate to the application as an administrator.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability was used in a chained attack along with two other post-authentication vulnerabilities #VU52039 and #VU52377 to fully compromise the affected system.

Software: SonicWall On-premise Email Security (ES)

The vulnerability was used in a chained attack along with two other post-authentication vulnerabilities #VU52039 and #VU52377 to fully compromise the affected system.

Universal XSS in Apple iOS
CVE-2021-1879

Universal cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the WebKit engine. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of arbitrary website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Google Chrome
CVE-2021-21193

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Blink component in Google Chrome. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Software: Google Chrome

Authentication bypass in The Plus Addons for Elementor for WordPress
CVE-2021-24175

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and gain administrative access to the application.

Note, the vulnerability is being actively exploited in the wild.

Software: The Plus Addons for Elementor Page Builder

Multiple vulnerabilities in Samsung Mobile Firmware
CVE-2021-25370

Use-after-free

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the dpu driver. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Samsung Mobile Firmware

Multiple vulnerabilities in Samsung Mobile Firmware
CVE-2021-25369

Improper access control

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions to the sec_log file. A local application can read the log file and obtain sensitive system information.

Note, the vulnerability is being actively exploited in the wild.

Software: Samsung Mobile Firmware

Multiple vulnerabilities in Samsung Mobile Firmware
CVE-2021-25337

Permissions, Privileges, and Access Controls

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access control in clipboard service. A local application can use the clipboard service to read and write arbitrary files on the device.

Note, the vulnerability is being actively exploited in the wild.

Software: Samsung Mobile Firmware

Security restrictions bypass in Supermicro X10 UP-series Denlow motherboards

Security restrictions bypass

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in BIOS firmware for X10 UP-series (H3 Single Socket “Denlow”) motherboard. A local user can plant malware into motherboard firmware and establish permanent persistence on the system, even if OS is reinstalled.

Note, the vulnerability is being actively exploited in the wild by the TrickBoot malware.

Software: X10SLL-S/-SF, X10SL7-F, X10SLA-F, X10SLM+-LN4F, X10SLM+-F, X10SLL+-F, X10SLM-F, X10SLL-F, X10SLH-F

Known/fameous malware:

TrickBoot

Multiple vulnerabilities in Microsoft Exchange Server
CVE-2021-26855

Server-Side Request Forgery (SSRF)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP request to the Microsoft Exchange OWA interface, upload arbitrary file on the server and execute it.

Note, this vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Multiple vulnerabilities in Microsoft Exchange Server
CVE-2021-26857

Input validation error

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.

Note, this vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Multiple vulnerabilities in Microsoft Exchange Server
CVE-2021-26858

Input validation error

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.

Note, this vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Multiple vulnerabilities in Microsoft Exchange Server
CVE-2021-27065

Input validation error

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.

Note, this vulnerability is being actively exploited in the wild.

Software: Microsoft Exchange Server

Multiple vulnerabilities in Google Chrome
CVE-2021-21166

Improper control of a resource through its lifetime

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper control of object lifetime in audio in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Adobe Reader and Acrobat
CVE-2021-21017

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDf file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Adobe Reader

Privilege escalation in Microsoft Windows
CVE-2021-1732

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when the Win32k.sys driver in Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Microsoft Internet Explorer
CVE-2021-26411

Double Free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing ".mht" files. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

i

The vulnerability was used by the Lazarus group to target security researchers worldwide.

Software: Microsoft Internet Explorer

The vulnerability was used by the Lazarus group to target security researchers worldwide.

Remote code execution in Google Chrome
CVE-2021-21148

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2021-1870

Business Logic Errors

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim to visit a malicious website and execute arbitrary code on the system.

Note: The vulnerability is being actively exploited in the wild.

Software: Apple iOS, iPadOS

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2021-1871

Business Logic Errors

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim to visit a malicious website and execute arbitrary code on the system.

Note: The vulnerability is being actively exploited in the wild.

Software: Apple iOS, iPadOS

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2021-1782

Race condition

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in the Kernel component. A remote attacker can use a malicious application and escalate privileges on the system.

Note: The vulnerability is being actively exploited in the wild.

Software: Apple iOS, iPadOS

SQL injection in SonicWall SMA100
CVE-2021-20016

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote non-authenticated attacker can send a specially crafted HTTP request to the SSL-VPN appliance and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to access usernames, passwords and other session related information.

Note, the vulnerability is being actively exploited in the wild.

i

SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting zero-day vulnerabilities on certain SonicWall secure remote access products.

At this point both SMA 100 and NetExtender VPN Client are considered affected. Investigation of the incident is still ongoing.

Software: SMA 100

SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting zero-day vulnerabilities on certain SonicWall secure remote access products.

At this point both SMA 100 and NetExtender VPN Client are considered affected. Investigation of the incident is still ongoing.

Remote code execution in Microsoft Defender
CVE-2021-1647

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows Defender

SQL injection in Accellion FTA

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data passed to the web interface. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Note, the vulnerability is being actively exploited in the wild in mid-December 2020 and January 2021.

i

The vulnerability was used to compromise several companies worldwide, such as Reserve Bank of New Zealand, the Australian Securities and Investments Commission (ASIC), law firm Allens, the University of Colorado, the Washington State Auditor Office, and the QIMR Berghofer Medical Research Institute and Singtel.

The attacks were detected in the mid_December 2020 and continued in January 2021.

Software: Accellion FTA

The vulnerability was used to compromise several companies worldwide, such as Reserve Bank of New Zealand, the Australian Securities and Investments Commission (ASIC), law firm Allens, the University of Colorado, the Washington State Auditor Office, and the QIMR Berghofer Medical Research Institute and Singtel.

The attacks were detected in the mid_December 2020 and continued in January 2021.

Authentication bypass in SolarWinds Orion API
CVE-2020-10148

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests within the SolarWinds Orion API. If an attacker appends a PathInfo parameter of WebResource.adx, ScriptResource.adx, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication. This vulnerability could allow a remote non-authenticated attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance.

Note, this vulnerability is dubbed SUPERNOVA and is being exploited in the wild.

i


Software: Orion Platform

Known/fameous malware:

SUPERNOVA


Backdoor in SolarWinds Orion Platform

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.

According to SolarWinds, Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1 are affected.

Note, this vulnerability is being actively exploited in the wild in a supply chain attack and is dubbed SUNBURST.

i

State-backed hackers are targeting government entities and private businesses all over the world in a global supply chain attack, in which they deploy a malicious SolarWinds update to compromise networks, according to a new report from the cybersecurity firm FireEye.

Known/fameous malware:

Behavior:Win32/Solorigate.C!dha

State-backed hackers are targeting government entities and private businesses all over the world in a global supply chain attack, in which they deploy a malicious SolarWinds update to compromise networks, according to a new report from the cybersecurity firm FireEye.

Improper access control in Easy WP SMTP plugin for WordPress

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can access the debug log after the password reset, grab the reset link and take over the admin account.

Note: The vulnerability is being actively exploited in the wild.

i

This vulnerability allows a remote attacker to reset admin account passwords. 

Software: Easy WP SMTP

This vulnerability allows a remote attacker to reset admin account passwords. 

Multiple vulnerabilities in Google Chrome
CVE-2020-16017

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the site isolation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Google Chrome
CVE-2020-16013

Improperly implemented security check for standard

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Apple macOS
CVE-2020-27950

Out-of-bounds read

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within macOS kernel. A local user can run a specially crafted program to gain access to sensitive kernel information on the system.

Note, this vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in Apple macOS
CVE-2020-27932

Type Confusion

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error in macOS kernel. A local user can run a specially crafted application to trigger a type confusion error and execute arbitrary code with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Software: macOS

Multiple vulnerabilities in Apple macOS
CVE-2020-27930

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing fonts within the FontParser component. A remote attacker can create a specially crafted document or web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Software: macOS

Remote code execution in Google Chrome for Android
CVE-2020-16010

Heap-based buffer overflow

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a heap-based buffer overflow when processing untrusted HTML content in UI in Google Chrome on Android. An remote attacker, who had compromised the renderer process, can  perform a sandbox escape via a crafted HTML page.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome for Android

Multiple vulnerabilities in Google Chrome
CVE-2020-16009

Improperly implemented security check for standard

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Note, this vulnerability is being actively exploited in the wild.

Software: Google Chrome

Memory corruption in Windows kernel driver
CVE-2020-17087

Buffer overflow

The vulnerability allows a local user to escalate privilege son the system.

The vulnerability exists due to a boundary error within the Windows Kernel Cryptography Driver cng.sys, which exposes a "\Device\CNG" device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

i

This vulnerability was used in a trageted attacks along with the #VU47741 issue in FreeType library to attack users of Google Chrome.

Software: Windows

This vulnerability was used in a trageted attacks along with the #VU47741 issue in FreeType library to attack users of Google Chrome.

Multiple vulnerabilities in Oracle Solaris
CVE-2020-14871

Improper input validation

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Pluggable authentication module (PAM) component in Oracle Solaris. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Note, this vulnerability is being actively exploited in the wild.

i

According to FireEye, the vulnerability is being exploited in the wild by the actor tracked as UNC1945.

Software: Oracle Solaris

According to FireEye, the vulnerability is being exploited in the wild by the actor tracked as UNC1945.

Remote code execution in FreeType library
CVE-2020-15999

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in freetype library when processing TTF files. A remote attacker can pass specially crafted TTF file with PNG sbit glyphs to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Software: FreeType

Arbitrary file upload in File Manager plugin for WordPress
CVE-2020-25213

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in wp-file-manager in the "lib/php/connector.minimal.php" and "lib/files/hardfork.php" files. A remote attacker can upload a malicious file and execute it on the server.

Note: The vulnerability is being actively exploited in the wild. 

i

The vulnerability exploitation was detected on September 1st, 2020. The attackers can remotely upload arbitrary files and execute arbitrary code.

Software: File Manager

The vulnerability exploitation was detected on September 1st, 2020. The attackers can remotely upload arbitrary files and execute arbitrary code.

Denial of service in Cisco IOS XR Software
CVE-2020-3569

Resource exhaustion

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient queue management for Internet Group Management Protocol (IGMP) packets in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. A remote attacker can trigger resource exhaustion by sending crafted IGMP  traffic to the affected device and perform a denial of service (DoS) attack.

Note: this vulnerability is being actively exploited in the wild.
Not patched
i

On August 31 Cisco has updated the original advisory to indicate the second vulnerability exploited in the wild.

Software: Cisco IOS XR

On August 31 Cisco has updated the original advisory to indicate the second vulnerability exploited in the wild.

Denial of service in Cisco IOS XR Software
CVE-2020-3566

Resource exhaustion

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient queue management for Internet Group Management Protocol (IGMP) packets in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. A remote attacker can trigger resource exhaustion by sending crafted IGMP  traffic to the affected device and perform a denial of service (DoS) attack.

Note: this vulnerability is being actively exploited in the wild.

Not patched
i

On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild.

Software: Cisco IOS XR

On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild.

Remote code execution in Microsoft Internet Explorer
CVE-2020-1380

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Software: Microsoft Internet Explorer

Signature spoofing in Microsoft Windows
CVE-2020-1464

Cryptographic issues

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to Windows incorrectly validates file signatures. A remote attacker can create a specially crafted file to bypass implemented security restrictions and successfully load a malicious file.

Note: this vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows Print Spooler
CVE-2022-38028

Permissions, Privileges, and Access Controls

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.

Note, the vulnerability is being exploited in the wild since at least June 2020 and possibly as early as April 2019.

i

Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the CVE-2022-38028 vulnerability in Windows Print Spooler service by modifying a JavaScript constraints file and executing it with SYSTEM-level permissions.

Software: Windows

Known/fameous malware:

GooseEgg

Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the CVE-2022-38028 vulnerability in Windows Print Spooler service by modifying a JavaScript constraints file and executing it with SYSTEM-level permissions.

Stored cross-site scripting in Login/Signup Popup plugin for WordPress

Stored cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: The vulnerability is being actively exploited in the wild.

i

The vulnerability exploitation was detected on May 14, 2020. The authenticated attackers can inject, via the AJAX API, JavaScript code into the plugin’s settings and use it to target the administrator in the backend of WordPress.

Software: Login/Signup Popup ( Inline Form + Woocommerce )

The vulnerability exploitation was detected on May 14, 2020. The authenticated attackers can inject, via the AJAX API, JavaScript code into the plugin’s settings and use it to target the administrator in the backend of WordPress.

Remote code execution in Elementor Pro plugin for WordPress

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote authenticated attacker can upload a malicious file and execute it on the blog.

This vulnerability is exploitable if users have open registration, hovewer in conjunction with a vulnerability in Ultimate Addons for Elementor (SB2020051119), it is possible to be exploited, even if the site does not have user registration enabled.

Note: The vulnerability is being actively exploited in the wild.

i

The vulnerability exploitation was detected on May 06, 2020. The attackers can remotely execute arbitrary code.

Software: Elementor Pro

The vulnerability exploitation was detected on May 06, 2020. The attackers can remotely execute arbitrary code.

SQL injection in Sophos XG Firewall/SFOS
CVE-2020-12271

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data passed to the User Portal or Admin interfaces. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Note, this vulnerability is being actively exploited in the wild.

i

The vulnerability exploitation was detected on April 22, 2020. Malware dubbed Asnarök used SQL injection vulnerability to compromise the affected devices and steal users' credentials.

Software: Sophos Firewall

Known/fameous malware:

Asnarök

The vulnerability exploitation was detected on April 22, 2020. Malware dubbed Asnarök used SQL injection vulnerability to compromise the affected devices and steal users' credentials.

Remote code execution in Apple iOS

Out-of-bounds write

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing email in the iOS MobileMail. A remote attacker can send a specially crafted email message, trigger an out-of-bounds write and execute arbitrary code on the target system. No user interaction is required to execute arbitrary code.

Note, this vulnerability is being actively exploited in the wild.

Not patched
i

According to security researchers this vulnerability is being actively exploited since January 2018.

Software: Apple iOS

According to security researchers this vulnerability is being actively exploited since January 2018.

Privilege escalation in Microsoft Windows
CVE-2020-1027

Buffer overflow

The vulnerability allows a local user to escalate privilege so the system.

The vulnerability exists due to a boundary error in the Windows Kernel when handling objects in memory. A local user can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Mozilla Firefox and Firefox ESR
CVE-2020-6820

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error caused by a race condition handling ReadableStream. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, this vulnerability is being actively exploited in the wild in targeted attacks.

Software: Mozilla Firefox

Remote code execution in Mozilla Firefox and Firefox ESR
CVE-2020-6819

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error caused by a race condition running the nsDocShell destructor. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, this vulnerability is being actively exploited in the wild in targeted attacks.

Software: Mozilla Firefox

Remote code execution in Adobe Type Manager Library in Microsoft Windows
CVE-2020-0938

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the Windows Adobe Type Manager Library when parsing a specially-crafted multi-master font - Adobe Type 1 PostScript format. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Adobe Type Manager Library in Microsoft Windows
CVE-2020-1020

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the Windows Adobe Type Manager Library when parsing a specially-crafted multi-master font - Adobe Type 1 PostScript format. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in Merit LILIN DVR devices

Use of hard-coded credentials

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Hard-coded accounts:

root/icatch99
report/8Jg0SR8K50

Note, this vulnerability is being actively exploited in the wild since August 2019.

i

The vulnerability exploitation was uncovered by 360Netlab in August 2019.  Several attack groups were using vulnerabilities in Lilin DVR firmware spread Chalubo, FBot, and Moobot botnets.

Software: DHD216A, DHD216, DHD208A, DHD208, DHD204A, DHD204, DHD304A, DHD308A, DHD316A, DHD504A, DHD508A, DHD516A

Known/fameous malware:

Chalubo, FBot, Moobot

The vulnerability exploitation was uncovered by 360Netlab in August 2019.  Several attack groups were using vulnerabilities in Lilin DVR firmware spread Chalubo, FBot, and Moobot botnets.

Multiple vulnerabilities in Trend Micro Apex One and OfficeScan
CVE-2020-8468

Input validation error

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a content validation escape issue. A remote authenticated attacker can pass specially crafted input to the application and manipulate certain agent client components.

Note: the vulnerability is being actively exploited in the wild.

i

Vendor reports in the wild exploitation of this vulnerability.

Software: Apex One

Vendor reports in the wild exploitation of this vulnerability.

Multiple vulnerabilities in Trend Micro Apex One and OfficeScan
CVE-2020-8467

Code Injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the migration tool component. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: the vulnerability is being actively exploited in the wild.

i

Vendor reports in the wild exploitation of this vulnerability.

Software: OfficeScan

Vendor reports in the wild exploitation of this vulnerability.

Improper access control in Custom Searchable Data Entry System plugin for WordPress

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application, leading to data modification and deletion, including the potential to delete the entire contents of any table in a vulnerable site’s database.

Note: the vulnerability is being actively exploited in the wild.

Not patched
i

The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify and delete the plugin’s data.

The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify and delete the plugin’s data.

Stored cross-site scripting in Async JavaScript plugin for WordPress

Stored cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the "wp-admin/admin-ajax.php" file with the "aj_steps" AJAX action. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability is being actively exploited in the wild.


i

The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.

The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.

Stored cross-site scripting in 10Web Map Builder for Google Maps plugin for WordPress

Stored cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the plugin’s setup process. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability is being actively exploited in the wild.

Not patched
i

The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.

The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.

Stored cross-site scripting in Modern Events Calendar Lite plugin for WordPress

Stored cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in several AJAX actions. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability is being actively exploited in the wild.

Not patched
i

The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.

The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.

Improper access control in Flexible Checkout Fields for WooCommerce plugin for WordPress

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and inject new fields and scripts into the WooCommerce checkout page.

Note: the vulnerability is being actively exploited in the wild.

i

The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers downloaded Woo-Add-To-Carts plugin on the system and created administrative accounts.

The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers downloaded Woo-Add-To-Carts plugin on the system and created administrative accounts.

Multiple vulnerabilities in Google Chrome
CVE-2020-6418

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in V8 component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: This vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Microsoft Internet Explorer
CVE-2020-0674

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Software: Microsoft Internet Explorer

Remote code execution in Mozilla Firefox and Firefox ESR
CVE-2019-17026

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error with StoreElementHole and FallibleStoreElement when processing HTML content in IonMonkey JIT compiler. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

i

The vulnerability was reported by Qihoo 360 ATA researchers.

Software: Mozilla Firefox

The vulnerability was reported by Qihoo 360 ATA researchers.

Privilege escalation in Microsoft Windows
CVE-2019-1458

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild.

i

This vulnerability was reported by Anton Ivanov and Alexey Kulaev of Kaspersky Lab. This vulnerability was used in Operation WizardOpium campaign against Korean users.

Software: Windows

This vulnerability was reported by Anton Ivanov and Alexey Kulaev of Kaspersky Lab. This vulnerability was used in Operation WizardOpium campaign against Korean users.

Remote code execution in Draytek Vigor 2960, 3900 and 300B
CVE-2020-8515

Improper Neutralization of Special Elements in Output Used by a Downstream Component

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the affected devices allow remote code execution as root (without authentication) via shell metacharacters to the "cgi-bin/mainfunction.cgi" URI.

Note, this vulnerability is being actively exploited in the wild starting from December 4, 2019.

i

The vulnerability in WebUI of DrayTek Vigor enterprise routers is being exploited in the wild at least from December 4, 2019. Two affected scripts are believed to be used by two different attack groups to eavesdrop on FTP and email traffic inside corporate networks.

Software: Vigor 2960

The vulnerability in WebUI of DrayTek Vigor enterprise routers is being exploited in the wild at least from December 4, 2019. Two affected scripts are believed to be used by two different attack groups to eavesdrop on FTP and email traffic inside corporate networks.

Remote code execution in Microsoft Internet Explorer
CVE-2019-1429

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Software: Microsoft Internet Explorer

Remote code execution in Google Chrome
CVE-2019-13720

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content within the audio component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Note, this vulnerability is being actively exploited in the wild.

i

Kaspersky Lab has identified in the wild exploitation of the vulnerability. This vulnerability was used in Operation WizardOpium campaign against Korean users.

Software: Google Chrome

Kaspersky Lab has identified in the wild exploitation of the vulnerability. This vulnerability was used in Operation WizardOpium campaign against Korean users.

Remote code execution in Microsoft Internet Explorer
CVE-2019-1367

Use-after-free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error within the scripting engine in JScript.dll. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Software: Microsoft Internet Explorer

Privilege escalation in Microsoft Windows Winsock
CVE-2019-1215

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ws2ifsl.sys (Winsock). A local user can run a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows CLFS
CVE-2019-1214

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Common Log File System (CLFS) driver. A local user  can create a specially crafted application and execute arbitrary code on the system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows Win32k component
CVE-2019-1132

NULL pointer dereference

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a NULL pointer dereference  error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild.

i

The vulnerability was discovered by ESET in June 2019 when investigating a highly targeted attack in Eastern Europe.The vulnerability was used in a targeted attack against governmental institutions in Russia by an adversary known as Buhtrap.

Known IoCs:
sha1: CBC93A9DD769DEE98FFE1F43A4F5CADAF568E321

Software: Windows

Known/fameous malware:

Win32/Exploit.CVE-2019-1132.A
VBA/TrojanDropper.Agent.ABM
VBA/TrojanDropper.Agent.AGK
Win32/Spy.Buhtrap.W
Win32/Spy.Buhtrap.AK
Win32/RiskWare.Meterpreter.G

The vulnerability was discovered by ESET in June 2019 when investigating a highly targeted attack in Eastern Europe.The vulnerability was used in a targeted attack against governmental institutions in Russia by an adversary known as Buhtrap.

Known IoCs:
sha1: CBC93A9DD769DEE98FFE1F43A4F5CADAF568E321

Privilege escalation in Microsoft splwow64
CVE-2019-0880

Permissions, Privileges, and Access Controls

The vulnerability allows a local to escalate privileges on the system.

The vulnerability exists due to the way splwow64.exe handles certain calls. A local user can abuse this functionality to elevate privileges on an affected system from low-integrity to medium-integrity.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Security restrictions bypass in Mozilla Firefox and Firefox ESR
CVE-2019-11708

Permissions, Privileges, and Access Controls

The vulnerability allows a remote attacker to bypass sandbox restrictions.

The vulnerability exists due to insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes. A remote attacker can create a specially crafted web page that can make the non-sandboxed parent process open web content chosen by a compromised child process.

An attacker can combine this behavior along with another vulnerability to execute arbitrary code on the system with privileges on the current user. 

Note, this vulnerability is being exploited in the wild along with SB2019061805 (CVE-2019-11707)

i

This vulnerability was used along with CVE-2019-11707 in a targeted attack against Conbase.

Software: Mozilla Firefox

This vulnerability was used along with CVE-2019-11707 in a targeted attack against Conbase.

Remote code execution in Oracle WebLogic Server
CVE-2019-2729

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within XMLDecoder class. A remote non-authenticated attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

i

Oracle has released a security alert, notifying users on in the wild exploitation of the vulnerability.

Software: Oracle WebLogic Server

Oracle has released a security alert, notifying users on in the wild exploitation of the vulnerability.

Remote code execution in Mozilla Firefox and Firefox ESR
CVE-2019-11707

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when manipulating JavaScript objects due to issues in Array.pop. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild along with SB2019062002 (CVE-2019-11708).

i

The vulnerability was reported by Mozilla to be actively exploited in the wild.

This vulnerability as reportedly used in a targeted attack against Coinbase employees on Monday,  June 17 2019.

The vulnerability was used in conjunction with another sandbox bypass issue CVE-2019-11708, patched by Mozilla on June 20, 2019.

This vulnerability was  independently discovered and reported to Mozilla by a security researcher Samuel Groß on April 15. It took Mozilla 64 days to issue a security fix. 


Software: Mozilla Firefox

The vulnerability was reported by Mozilla to be actively exploited in the wild.

This vulnerability as reportedly used in a targeted attack against Coinbase employees on Monday,  June 17 2019.

The vulnerability was used in conjunction with another sandbox bypass issue CVE-2019-11708, patched by Mozilla on June 20, 2019.

This vulnerability was  independently discovered and reported to Mozilla by a security researcher Samuel Groß on April 15. It took Mozilla 64 days to issue a security fix. 


Privilege escalation in Windows Error Reporting
CVE-2019-0863

Input validation error

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Windows Error Reporting (WER) handles files. A local user can create a specially crafted WER file and execute arbitrary code on the system in kernel mode.

Note: this vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in WhatsApp
CVE-2019-3568

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WhatsApp VOIP stack when processing SRTCP packets. A remote attacker can send a series of specially crafted SRTCP packets sent to a target phone number, trigger buffer overflow and execute arbitrary code on the target device.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

i

The vulnerability was used in a targeted attack against a limited number of people. First vulnerability exploitation was detected on May 12 2019. The attackers targeted a phone of a UK-based human rights lawyer to install spyware.

Software: WhatsApp Messenger for Android

Known/fameous malware:

Pegasus

The vulnerability was used in a targeted attack against a limited number of people. First vulnerability exploitation was detected on May 12 2019. The attackers targeted a phone of a UK-based human rights lawyer to install spyware.

Improper access control in Yuzo Related Posts WordPress plugin

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to the website.

The vulnerability exists due to improper access restrictions when processing HTTP requests. A remote attacker can pass specially crafted configuration to the affected application and inject arbitrary JavaScript code WordPress configuration.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable application.

Note: the vulnerability is being actively exploited i the wild.

Not patched
i

Improper access control vulnerability in the plugin allowed attacker to inject malicious JavaScript code and redirect users to phishing websites.

Software: Related Posts

Improper access control vulnerability in the plugin allowed attacker to inject malicious JavaScript code and redirect users to phishing websites.

Privilege escalation in Win32k.sys driver in Microsoft Windows
CVE-2019-0859

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note: this vulnerability is being actively exploited in the wild.

i

The vulnerability was reported to Microsoft by Vasily Berdnikov and Boris Larin from Kaspersky Lab.

Software: Windows

The vulnerability was reported to Microsoft by Vasily Berdnikov and Boris Larin from Kaspersky Lab.

Privilege escalation in Win32k.sys driver in Microsoft Windows
CVE-2019-0803

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Microsoft Graphics Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note: this vulnerability is being actively exploited in the wild.

i

The vulnerability was reported to Microsoft by Donghai Zhu of Alibaba Cloud Intelligence Security Team.

Software: Windows

The vulnerability was reported to Microsoft by Donghai Zhu of Alibaba Cloud Intelligence Security Team.

Backdoor in Asus Live Update

Hidden functionality (backdoor)

The vulnerability allows a remote attacker to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.

Note: this backdoor was implented as a result of ASUS servers compromise within the APT attack dubbed “Operation ShadowHammer”. The campaign ran from June to at least November 2018.

i

An APT campaign was launched against ASUS between June and November 2018. The attacker compromised ASA Live Update servers and distributed malware to cca. 1 million computers worldwide. 

The attack was attributed to APT17 adversary, also known as Deputy Dog.

Software: ASUS Live Update

An APT campaign was launched against ASUS between June and November 2018. The attacker compromised ASA Live Update servers and distributed malware to cca. 1 million computers worldwide. 

The attack was attributed to APT17 adversary, also known as Deputy Dog.

Stored XSS in Social Warfare WordPress plugin
CVE-2019-9978

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to usage of the eval() JavaScript call on data passed via the  "swp_url" HTTP GET parameter to "/wp-admin/admin-post.php" script, when "swp_debug" is set to "load_options", allowing to permanently inject and execute arbitrary JavaScript code on the website. A remote unauthenticated attacker can store a specially crafted JavaScript code into database and execute it in browser of every website visitor.

Note: this vulnerability is being actively exploited in the wild.

Exploitation example:

http://[host]/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://[malicious_js_script]/
i

A stored XSS vulnerability in the Social Warfare plugin, used by 70 000 users, led to a mass hacking campaign of WordPress websites.

Software: WordPress Social Sharing Plugin – Social Warfare

A stored XSS vulnerability in the Social Warfare plugin, used by 70 000 users, led to a mass hacking campaign of WordPress websites.

Insecure deserialization in Easy WP SMTP plugin for WordPress

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to compromise vulnerable website.

The vulnerability exists due to insecure input validation when processing serialized data passed via the "swpsmtp_import_settings" HTTP POST parameter to /easy-wp-smtp.php script. A remote unauthenticated attacker can import arbitrary wp_options and reconfigure WordPress to allow user registration with administrative privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable website.

Note: this vulnerability is being actively exploited in the wild.

i

WordPress websites were under attack due to vulnerability in a popular WP plugin since March 15, 2019.

Software: Easy WP SMTP

WordPress websites were under attack due to vulnerability in a popular WP plugin since March 15, 2019.

Privilege escalation in Microsoft Windows Win32k.sys driver
CVE-2019-0797

Memory corruption

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k.sys driver. A local user can execute a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

i

Kaspersky Lab has detected and reported a zero-day vulnerability in Win32k.sys driver in Microsoft Windows.

Software: Windows

Kaspersky Lab has detected and reported a zero-day vulnerability in Win32k.sys driver in Microsoft Windows.

Privilege escalation in Microsoft Windows
CVE-2019-0808

NULL pointer dereference

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a NULL pointer dereference error in the win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call within the win32k.sys kernel driver. A local user can use a specially crafted application to escape sandbox and execute arbitrary code on the target system with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild along with vulnerability in Google Chrome described in (SB2019030405).

i

On March 7th Google has reported in the wild exploitation of vulnerability in Microsoft Windows. During the attack the adversary used another zero-day vulnerability in Google Chrome in order to execute code on the system and vulnerability in Microsoft Windows to escalate privileges.
The initial attack was detected in late February.

Software: Windows

On March 7th Google has reported in the wild exploitation of vulnerability in Microsoft Windows. During the attack the adversary used another zero-day vulnerability in Google Chrome in order to execute code on the system and vulnerability in Microsoft Windows to escalate privileges.
The initial attack was detected in late February.

Remote code execution in Google Chrome
CVE-2019-5786

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in FileReader. A remote attacker can trick the victim into opening a specially crafted file with Google Chrome, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: the vulnerability is being exploited in the wild.

i

The vulnerability in Google Chrome was used in a targeted attack along with another zero-day in Microsoft Windows.

The initial attack was detected in late February.

Software: Google Chrome

The vulnerability in Google Chrome was used in a targeted attack along with another zero-day in Microsoft Windows.

The initial attack was detected in late February.

Dangerous file upload in Adobe ColdFusion
CVE-2019-7816

Dangerous file upload

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when processing file uploads. A remote attacker can upload and execute arbitrary code on the target system with privileges of the ColdFusion service. Successful exploitation of the vulnerability requires that the attacker has the ability to upload files.

Note, this vulnerability is being actively exploited in the wild.

Software: ColdFusion

Information disclosure via PDF files in Google Chrome

Exposed dangerous method or function

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the PDF viewer allows sending information to a third-party domain via the "this.submitForm()" PDF Javascript API. A remote attacker can trick the victim into opening a specially crafted PDF file with Google Chrome and obtain sensitive information.

Note: the vulnerability is being actively exploited in the wild.

Not patched
i

Vulnerability exploitation was spotted by EdgeSpot in late December 2018. The company detected multiple PDF samples in the wild that use dangerous JavaScript method to send information, retrieved from user's computer to a third-party domain.

Software: Google Chrome

Vulnerability exploitation was spotted by EdgeSpot in late December 2018. The company detected multiple PDF samples in the wild that use dangerous JavaScript method to send information, retrieved from user's computer to a third-party domain.

Information Disclosure in Microsoft Internet Explorer
CVE-2019-0676

Out-of-bounds read

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to boundary error when processing HTML content. A remote attacker can trick the victim to open a specially crafted webpage, trigger out-of-bounds read and test for the presence of files on disk.

Software: Microsoft Internet Explorer

Multiple vulnerabilities in Apple iOS
CVE-2019-7287

Privilege escalation

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a boundary error in the IOKit component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Note: according to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.
i

According to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.

Software: Apple iOS

According to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.

Multiple vulnerabilities in Apple iOS
CVE-2019-7286

Memory corruption

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a boundary error in the Foundation component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

Note: according to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.
i

According to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.

Software: Apple iOS

According to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.

Memory Corruption in Microsoft Internet Explorer
CVE-2018-8653

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing web pages. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Software: Microsoft Internet Explorer

Privilege escalation in Windows kernel
CVE-2018-8611

Race condition

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to a race condition within the Kernel Transaction Manager driver (ntoskrnl.exe) when processing transacted file operations in kernel mode. A local user can create a specially program, and run arbitrary code on the system n kernel mode.

Note: the vulnerability is being exploited in the wild.

i

This vulnerability was reported to Microsoft by Kaspersky Lab. It is believed it was used by FruityArmor and SandCat APT groups against companies in the Middle East and Africa.

Software: Windows

This vulnerability was reported to Microsoft by Kaspersky Lab. It is believed it was used by FruityArmor and SandCat APT groups against companies in the Middle East and Africa.

Multiple vulnerabilities in Adobe Flash Player
CVE-2018-15982

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing SWF files. A remote attacker can create a specially crafted .swf file, trick the victim to open it and execute arbitrary code on system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: this vulnerability is being exploited in the wild.

i

Vulnerability exploitation was spotted by several security companies. The attack was detected on November 29, 2018 and seems to be executed by a Ukrainian APT group UA-APT.

360 Core Security dubbed the attack "Operation Poison Needles".

Software: Adobe Flash Player

Vulnerability exploitation was spotted by several security companies. The attack was detected on November 29, 2018 and seems to be executed by a Ukrainian APT group UA-APT.

360 Core Security dubbed the attack "Operation Poison Needles".

Privilege escalation in Windows Win32k.sys driver
CVE-2018-8589

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within Win32k.sys driver. A local user can create a specially crafted application, run it on vulnerable system and execute code withe superuser privileges.

Note: this vulnerability is being actively exploited in limited targeted attacks.

i

The vulnerability was privately reported to Microsoft by Kaspersky Lab.

Software: Windows

The vulnerability was privately reported to Microsoft by Kaspersky Lab.

Denial of service in Suricata
CVE-2018-18956

Segmentation fault

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to segmentation fault in the ProcessMimeEntity function in util-decode-mime.c when handling malicious input. A remote attacker can supply specially crafted input to the SMTP parser, trigger segfault and cause daemon crash.

Note: according to MITRE statement, the vulnerability has been exploited in the wild in November 2018.
i

According to MITRE statement, the vulnerability has been exploited in the wild in November 2018.

Software: Suricata

According to MITRE statement, the vulnerability has been exploited in the wild in November 2018.

Denial of service when processing SIP packets in Cisco ASA and Cisco Firepower Threat Defense
CVE-2018-15454

Input validation error

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of SIP traffic. A remote attacker can send specially crafted SIP packets to the affected device, cause high CPU load that may lead to denial of service conditions.

Note, this vulnerability is being actively exploited in the wild against a limited number of targets.

Not patched
i

The vulnerability was discovered during the resolution of a Cisco TAC support case and reported by Cisco PSIRT.

Software: Cisco ASA 5500-X Series

The vulnerability was discovered during the resolution of a Cisco TAC support case and reported by Cisco PSIRT.

Remote code execution in Microsoft Word

Logic error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a logical bug is revealed when embedding a video via the 'online video' feature. A remote attacker can embed a video inside a Word document, edit the XML file named document.xml, replace the video link with a crafted payload created by the attacker which opens Internet Explorer Download Manager with the embedded code execution file and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Note: as of October 31, 2018 the vulnerability is being actively exploited in the wild.

Not patched
i

Trend Micro has issued a report detailing in the wild exploitation of a publicly disclosed vulnerability in Microsoft Word. According to VirusTotal timestamps, the first wave of exploitation began on October 31, 2018. The vulnerability was disclosed on October 25.

Software: Microsoft Word

Known/fameous malware:

TROJ_EXPLOIT.AOOCAI
TSPY_URSNIF.OIBEAO

Trend Micro has issued a report detailing in the wild exploitation of a publicly disclosed vulnerability in Microsoft Word. According to VirusTotal timestamps, the first wave of exploitation began on October 31, 2018. The vulnerability was disclosed on October 25.

Arbitrary file upload in jQuery File Upload plugin
CVE-2018-9206

Arbitrary file upload

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists in the plugin's source code that handles file uploads to PHP servers due to software allows upload of arbitrary files to the system. A remote unauthenticated attacker can upload arbitrary .htaccess file to impose security restrictions to its upload folder and upload backdoors and web shells.

Note: The vulnerability has been actively exploited for at least 3 years.
i

The vulnerability is publicly known since at least 2015.

Software: jQuery File Upload

The vulnerability is publicly known since at least 2015.

Privilege escalation in GDPR Compliance plugin for WordPress
CVE-2018-19207

Privilege escalation

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to the software fail to do capability checks when executing its internal action save_setting to make such configuration changes when processing arbitrary options and values to this endpoint. A remote attacker can set the users_can_register option to 1, and change the default_role of new users to “administrator” to simply fill out the form at /wp-login.php?action=register and immediately access a privileged account, change these options back to normal and install a malicious plugin or theme containing a web shell or other malware to further infect the victim site.

Note: this vulnerability is being actively exploited in the wild.

i

Vulnerability exploitation has been spotted in the wild by WordPress website owners. The initial attack was first reported on October 13. The attackers used vulnerability in plugin to gain administrative privileges on the affected websites.

Software: WP GDPR Compliance

Vulnerability exploitation has been spotted in the wild by WordPress website owners. The initial attack was first reported on October 13. The attackers used vulnerability in plugin to gain administrative privileges on the affected websites.

Privilege escalation in Microsoft Windows Win32k
CVE-2018-8453

Use-after-free

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a use-after free error in win32kfull!xxxDestroyWindow Win32k component. A local user can run a specially crafted application, trigger memory corruption and execute arbitrary code in kernel mode.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: the vulnerability has been actively exploited in the wild.

i

According to Kaspersky Lab, the vulnerability is being actively exploited by the FruityArmor APT actor.

Software: Windows

Known/fameous malware:

HEUR:Exploit.Win32.Generic
HEUR:Trojan.Win32.Generic
PDM:Exploit.Win32.Generic

According to Kaspersky Lab, the vulnerability is being actively exploited by the FruityArmor APT actor.

Backdoor in Vesta Control Panel

Backdoor

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to presence of a backdoor code in the official vendor's repository since May 2018 until at least June 2018. All users that installed vesta panel between May and June are affected.
i

VestaCP repository was compromised around May 2018 and contained malware at least until June 2018. As a result, user's credentials, generated by VestaCP, and other information were stolen by the attackers.

Software: Vesta Control Panel

Known/fameous malware:

Linux/ChachaDDoS

VestaCP repository was compromised around May 2018 and contained malware at least until June 2018. As a result, user's credentials, generated by VestaCP, and other information were stolen by the attackers.

Spoofing attack in Apple Safari

Spoofing attack

The vulnerability allows a remote attacker to conduct spoofing attack.

The weakness exists due to the way macOS processes URI handlers with enabled "Open Safe Files" setting in Safari browser. A remote attacker can create a specially crafted web page, trick the victim into clicking on a spoof dialog box and force unauthorized downloading of malicious file (e.g. ZIP-archive). Once downloaded, the archive will be automatically extracted.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: the vulnerability is being exploited in the wild by the WindShift APT actor against government organizations in the Middle East.


Not patched
i

Vulnerability in Apple Safari was used to bypass browser security restrictions and upload malware to vulnerable systems, according to DarkMatter LLC report.

The attack is believed to be carried out by the WindShift APT actor against government organizations in the Middle East.

Software: Apple Safari

Vulnerability in Apple Safari was used to bypass browser security restrictions and upload malware to vulnerable systems, according to DarkMatter LLC report.

The attack is believed to be carried out by the WindShift APT actor against government organizations in the Middle East.

Multiple vulnerabilities in Microsoft Windows SMB
CVE-2019-0703

Information disclosure

The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way that the Windows SMB Server handles certain requests. A remote authenticated user can gain unauthorized access to sensitive information on the system.

Note: this vulnerability has being exploited in the wild. The exploit code was detected in the Bemstour exploit tool in September 2018 and has being used by Buckeye (APT3) APT group.

i

Exploit code for this vulnerability was detected by Symantec when analyzing the Bemstour exploit tool in September 2018. Researchers make connection between the Buckeye (APT3) group and such exploit packs as Bemstour exploit tool and DoublePulsar.

Software: Windows

Known/fameous malware:

Bemstour exploit tool

Exploit code for this vulnerability was detected by Symantec when analyzing the Bemstour exploit tool in September 2018. Researchers make connection between the Buckeye (APT3) group and such exploit packs as Bemstour exploit tool and DoublePulsar.

Privilege escalation in Microsoft Windows
CVE-2018-8440

Privilege escalation

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to ALPC access control flaw. A local attacker can create a hard link from a readable file on the system to a '.job' file in the 'c:\windows\tasks' directory, invoke the _SchRpcSetSecurity() method of the task scheduler service ALPC endpoint to overwrite the linked file and gain system level privileges on the target system. The vulnerability was dubbed "SendboxEscaper".

Note: the vulnerability is being exploited in the wild by the PowerPool group.

i

A privilege escalation vulnerability was first publicly disclosed on Twitter on August 27, 2018. It was successful incorporated into malware used by the PowerPool group, reported by ESET.
The vulnerability was dubbed SendboxEscaper by its author.

Software: Windows

A privilege escalation vulnerability was first publicly disclosed on Twitter on August 27, 2018. It was successful incorporated into malware used by the PowerPool group, reported by ESET.
The vulnerability was dubbed SendboxEscaper by its author.

Remote command execution in Windows Shell on Microsoft Windows 10 and 2016
CVE-2018-8414

Improper input validation

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to an error when validating file paths in Windows Shell. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary system commands on the vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Microsoft Internet Explorer
CVE-2018-8373

Use-after-free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error in VBScript when the scripting engine handles objects in memory in Internet Explorer. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: The vulnerability has been exploited in the wild.

i

The vulnerability was spotted in the wild by Trend Micro researcher on July 11, 2018. The exploit sample detected by the researchers was using the same obfuscation technique as exploits for CVE-2018-8174, spotted in the wild by Qihoo 360 in April 2018.

Software: Microsoft Internet Explorer

Known/fameous malware:

HTML_EXPLOIT.YYRV

The vulnerability was spotted in the wild by Trend Micro researcher on July 11, 2018. The exploit sample detected by the researchers was using the same obfuscation technique as exploits for CVE-2018-8174, spotted in the wild by Qihoo 360 in April 2018.

Multiple vulnerabilities in Adobe Flash Player
CVE-2018-5002

Stack-based buffer overflow

The vulnerability allows a remote attacker to compromise target system.

The vulnerability exists due to a stack-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow the attacker to compromise vulnerable system.

Note: this vulnerability is being actively exploited in the wild.


i

The vulnerability was reported to Adobe by the following researchers: Chenming Xu and Jason Jones of ICEBRG, Bai Haowen, Zeng Haitao and Huang Chaowen of 360 Threat Intelligence Center of 360 Enterprise Security Group, and Yang Kang, Hu Jiang, Zhang Qing, and Jin Quan of Qihoo 360 Core Security (@360CoreSec), Tencent PC Manager.

The attacks exploiting this vulnerability mainly target the Middle East.

Software: Adobe Flash Player

The vulnerability was reported to Adobe by the following researchers: Chenming Xu and Jason Jones of ICEBRG, Bai Haowen, Zeng Haitao and Huang Chaowen of 360 Threat Intelligence Center of 360 Enterprise Security Group, and Yang Kang, Hu Jiang, Zhang Qing, and Jin Quan of Qihoo 360 Core Security (@360CoreSec), Tencent PC Manager.

The attacks exploiting this vulnerability mainly target the Middle East.

Remote code execution in Samsung SDS Acube ActiveX Control

Improper input validation

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the AcubeFileCtrl.ocx ActiveX component. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the target system.

Note: this vulnerability is being actively exploited in the wild.


i

The South Korean CERT has reported in the wild exploitation of a remote code execution vulnerability in a popular ActiveX component. The group behind this attack is called Andariel Group. the group is tied to activity of a known North Korean adversary Lazarus Group.

Software: Samsung SDS Acube ActiveX Control

The South Korean CERT has reported in the wild exploitation of a remote code execution vulnerability in a popular ActiveX component. The group behind this attack is called Andariel Group. the group is tied to activity of a known North Korean adversary Lazarus Group.

CSRF in multiple DrayTek routers

Cross-site request forgery

The vulnerability allows a remote attacker to perform CSRF attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in DrayTek Vigor web management interface. A remote attacker can change setting of Vigor router.

Note: this vulnerability has been exploited in the wild in May 2018. The attackers changed DNS servers of victims to address: 38.134.121.95
i

Vulnerability exploitation was spotted by users of DrayTek routers. Attackers used CSRF vulnerability to change DNS settings of multiple routers to address: 38.134.121.95.

Software: DrayTek firmware

Vulnerability exploitation was spotted by users of DrayTek routers. Attackers used CSRF vulnerability to change DNS settings of multiple routers to address: 38.134.121.95.

Multiple vulnerabilities in Adobe Reader and Acrobat
CVE-2018-4990

Double free memory error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to double free memory error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.
Note: the vulnerability has being exploited in the wild in March 2018 along with exploit for SB2018050813.

i

In March 2018 ESET detected attacks using two zero-day vulnerabilities in Microsoft win32k.sys driver (CVE-2018-8120) and and Adobe Acrobat.

Software: Adobe Acrobat

Known/fameous malware:

JS/Exploit.Pdfka.QNV trojan (ESET)

In March 2018 ESET detected attacks using two zero-day vulnerabilities in Microsoft win32k.sys driver (CVE-2018-8120) and and Adobe Acrobat.

Privilege escalation in Microsoft Windows win32k.sys driver
CVE-2018-8120

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to boundary error in win32k.sys driver. A local user can execute arbitrary code with SYSTEM privileges.

Note: this vulnerability is being actively exploited in limited targeted attacks.

i

The vulnerability was reported by ESET in March 2018. The attackers used this vulnerability along with double free error in Adobe Acrobat CVE-2018-4990.

Software: Windows

Known/fameous malware:

Win32/Exploit.CVE-2018-8120.A trojan (ESET)

The vulnerability was reported by ESET in March 2018. The attackers used this vulnerability along with double free error in Adobe Acrobat CVE-2018-4990.

Remote denial of service in Matrix Synapse
CVE-2018-10657

Improper input validation

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an input validation error where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py. A remote attacker can send malicious messages and perform a denial of service attack.

Note: this vulnerability has been exploited in the wild in April 2018.

i

The attack was performed on Sunday, April 29 against #matrix:matrix.org and #matrix-dev:matrix.org that made the rooms temporarily unusable.

Software: Synapse

The attack was performed on Sunday, April 29 against #matrix:matrix.org and #matrix-dev:matrix.org that made the rooms temporarily unusable.

Integer overflow in Useless Ethereum Token (UET) implementation
CVE-2018-10468

Integer overflow

The vulnerability allows a remote attacker to steal digital assets.

The vulnerability exists due to integer overflow within the transferFrom() function of a smart contract implementation for Useless Ethereum Token (UET). A remote attacker can steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect.

The vulnerability was dubbed "transferFlaw" and has been exploited in the wild in December 2017.

Not patched
i

This particular vulnerability affects a publicly traded ERC20 token listed in a top exchange. According to PeckShield this vulnerability has been already exploited in the wild since 2017/12/23 in multiple transactions.

Software: Useless Ethereum Token

This particular vulnerability affects a publicly traded ERC20 token listed in a top exchange. According to PeckShield this vulnerability has been already exploited in the wild since 2017/12/23 in multiple transactions.

Integer overflow in SmartMesh ERC20 token
CVE-2018-10376

Integer overflow

The vulnerability allows a remote attacker to manipulate digital assets.

The vulnerability exists due to integer overflow in a smart contract implementation for SmartMesh (aka SMT) within Ethereum ERC20 token. A remote unauthenticated attacker can increase digital assets via crafted _fee and _value parameter.

Note: the vulnerability was actively exploited in April 2018 and was dubbed "proxyOverflow".

Not patched
i

Vulnerability exploitation was spotted on April 24 by a blockchain security startup PeckShield. As a result, OKEx has suspended all ERC-20 tokens.

Software: SmartMesh ERC20 token

Vulnerability exploitation was spotted on April 24 by a blockchain security startup PeckShield. As a result, OKEx has suspended all ERC-20 tokens.

Authentication bypass in MikroTik RouterOS
CVE-2018-14847

Improper authentication

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper authentication in the exposed by default Winbox interface on port 8291/TCP. A remote attacker can send specially crafted packets to the affected service, bypass authentication, download local database with user accounts and gain full access to the vulnerable device.

Successful exploitation of the vulnerability may result in system compromise.

Note: this vulnerability has being exploited in the wild in April 2018.
i

The vulnerability was exploited against a very limited number of targets.

Software: MikroTik RouterOS

The vulnerability was exploited against a very limited number of targets.

Integer overflow in multiple Ethereum-based (ERC20) smart contracts
CVE-2018-10299

Integer overflow

The vulnerability allows a remote attacker to perform unauthorized actions.

The vulnerability exists due to integer overflow in the batchTransfer() function of a smart contract implementation for Beauty Ecosystem Coin (BEC). The Ethereum ERC20 token used in the Beauty Chain economic system allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument.

The vulnerability is dubbed  "batchOverflow". It is exploited in the wild and caused suspension of all transactions and transfers by OKEx exchange.
Not patched
i

The vulnerability exploitation resulted in suspension of all BeautyChain (BEC) transactions.

Software: ERC-20

The vulnerability exploitation resulted in suspension of all BeautyChain (BEC) transactions.

Remote code execution in Microsoft VBScript engine
CVE-2018-8174

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the VBScript engine. A remote attacker can trick the victim into visiting a specially crafted website or open a malicious Office file and execute arbitrary code on the target system.

Note: the vulnerability is being actively exploited in the wild against victims in Asia region. The vulnerability is dubbed "double play".
i

Vulnerability exploitation was detected by Qihoo 360. The company uncovered a zero-day vulnerability in IE, dubbed ‘double play’, that was triggered by weaponized MS Office documents. The experts have been observing an APT group targeting a limited number of users exploiting the zero-day flaw.

Hackers can use the ‘double play’ flaw to implant a backdoor Trojan and take full control over the vulnerable machine.

The APT group was delivering an Office document with a malicious web page embedded, once the user opens the document, the exploit code and malicious payloads are downloaded and executed from a remote server. The later phase of this attack leverages a public UAC bypass technique and uses file steganography and memory reflection loading to avoid traffic monitoring and achieve loading with no files. This ‘double play’ vulnerability may affect the latest versions of Internet Explorer and applications that are with IE kernel.

For now most of the victims are located in Asia.
In May 2018 the vulnerability was added into the RIG exploit kit, after the PoC code became publicly available.

Software: Windows

Known/fameous malware:

RIG exploit kit

Vulnerability exploitation was detected by Qihoo 360. The company uncovered a zero-day vulnerability in IE, dubbed ‘double play’, that was triggered by weaponized MS Office documents. The experts have been observing an APT group targeting a limited number of users exploiting the zero-day flaw.

Hackers can use the ‘double play’ flaw to implant a backdoor Trojan and take full control over the vulnerable machine.

The APT group was delivering an Office document with a malicious web page embedded, once the user opens the document, the exploit code and malicious payloads are downloaded and executed from a remote server. The later phase of this attack leverages a public UAC bypass technique and uses file steganography and memory reflection loading to avoid traffic monitoring and achieve loading with no files. This ‘double play’ vulnerability may affect the latest versions of Internet Explorer and applications that are with IE kernel.

For now most of the victims are located in Asia.
In May 2018 the vulnerability was added into the RIG exploit kit, after the PoC code became publicly available.

Authentication bypass in Vesta Control Panel

Improper authentication

The vulnerability allows a remote attacker to bypass authentication checks and gain full access to the affected system.

The vulnerability exists due to import validation of the authentication credentials in Vesta CP management interface. A remote unauthenticated attacker can send a specially crafted HTTP request to Vesta CP management interface, bypass authentication and gain full control over the affected server.

Note: this vulnerability is being actively exploited in the wild.

The attack was reportedly performed from IP addresses, located in China. The attackers created a file "/etc/cron.hourly/gcc.sh" on infected systems. If this file is present on your server, it means that you system has been compromised.
i

The vulnerability was used to compromise hosting servers. The attack was reportedly performed from IP addresses, located in China.
This vulnerability triggered an outage of Digitalocean in NYC regions.

Software: Vesta Control Panel

The vulnerability was used to compromise hosting servers. The attack was reportedly performed from IP addresses, located in China.
This vulnerability triggered an outage of Digitalocean in NYC regions.

Remote code execution in PyBitmessage

Remote code execution

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a message encoding bug. A remote attacker can send a specially crafted message, run an automated script looking in ~/.electrum/wallets, open a remote reverse shell, gain access to other files and execute arbitrary code.

Successful exploitation of the vulnerability results in system compromise.

Note: the vulnerability has been actively exploited to create a remote shell and steal bitcoins from Electrum wallets.
i

The vulnerability was used in the wild against PyBitmessage v0.6.2 users. According to vendor's notice, Bitmessage developer Peter Šurda's Bitmessage addresses were compromised as well by the attackers.

Software: PyBitmessage

The vulnerability was used in the wild against PyBitmessage v0.6.2 users. According to vendor's notice, Bitmessage developer Peter Šurda's Bitmessage addresses were compromised as well by the attackers.

Remote code execution in Adobe Flash Player
CVE-2018-4878

Use-after-free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when processing .swf files. A remote attacker can execute arbitrary code on the target system.

Note: this vulnerability is being actively exploited in the wild against the latest version of Adobe Flash Player.

UPDATE: The vendor has issued the fixed version on February 6, 2018.
i

KR-CERT reported in the wild exploitation of zero-day vulnerability in the latest version of Adobe Flash Player. According to the South Korean Computer Emergency Response Team (KR-CERT), the exploit has being used in the wild since mid-November 2017.

Security experts for FireEye linked the vulnerability to the hacking group TEMP.Reaper. The IP-addresses from which attacks were connected with the C&C-servers belong to the Internet provider Star JV - a joint venture of North Korea and Thailand.

Cisco Talos observed use of vulnerability in attacks conducted by Group 123.

According to FireEye, after successful exploitation of the vulnerability the system is infected with DOGCALL malware.

Cisco Talos specialists also reported cyberattacks using the malicious software, which they called Rokrat.

As revealed by security experts for Morphisec Labs Michael Gorelik and Assaf Kachlon the vulnerability has been used in a watering hole attack against Hong Kong Telecommunications company.

Software: Adobe Flash Player

Known/fameous malware:

DOGCALL
Rokrat

KR-CERT reported in the wild exploitation of zero-day vulnerability in the latest version of Adobe Flash Player. According to the South Korean Computer Emergency Response Team (KR-CERT), the exploit has being used in the wild since mid-November 2017.

Security experts for FireEye linked the vulnerability to the hacking group TEMP.Reaper. The IP-addresses from which attacks were connected with the C&C-servers belong to the Internet provider Star JV - a joint venture of North Korea and Thailand.

Cisco Talos observed use of vulnerability in attacks conducted by Group 123.

According to FireEye, after successful exploitation of the vulnerability the system is infected with DOGCALL malware.

Cisco Talos specialists also reported cyberattacks using the malicious software, which they called Rokrat.

As revealed by security experts for Morphisec Labs Michael Gorelik and Assaf Kachlon the vulnerability has been used in a watering hole attack against Hong Kong Telecommunications company.

Remote code execution in Microsoft Word
CVE-2018-0802

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing Microsoft Word documents. A remote attacker can create a specially crafted Word document, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software.

Note: the vulnerability is being exploited in the wild.

Software: Microsoft Word

Remote code execution in Huawei HG532 routers
CVE-2017-17215

Command injection

The vulnerability allows a remote attacker with administrator privileges to perform command injection attack on the target system.

The weakness exists due to the implementation of the TR-064 (technical report standard), an application layer protocol for remote management, in the Huawei devices was exposed on the public Internet through Universal Plug and Play (UPnP) protocol at port 37215. A remote attacker can inject shell meta-characters “$()” in the NewStatusURL and NewDownloadURL, inject arbitrary commands and execute arbitrary code.

Successful exploitation of the vulnerability allows to download and execute the malicious payload on the Huawei routers and upload Satori botnet that may result in system compromise.

Note: the vulnerability is being actively exploited.
i

The vulnerability has been used in Satori attacks against Huawei's router model HG532. The most targeted countries include the United States, Italy, Germany, and Egypt.

Software: Huawei HG532

Known/fameous malware:

Satori botnet, Mirai malware

The vulnerability has been used in Satori attacks against Huawei's router model HG532. The most targeted countries include the United States, Italy, Germany, and Egypt.

Information disclosure in Roundcube
CVE-2017-16651

Information disclosure

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient validation of file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests. A remote attacker can modify the login form and submit it with valid credentials (username/password) of an email account, send a specially crafted HTTP request and gain unauthorized access to arbitrary files on the host's filesystem, including configuration files of Roundcube.

Note: the vulnerability is being actively exploited.

Software: Roundcube

Remote code execution in Adobe Flash Player
CVE-2017-11292

Type confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when processing .swf files. A remote unauthenticated attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

i

According to Kaspersky Lab, the vulnerability has being exploited by the BlackOasis threat actor. The recent attacks leveraging today's zero-day sent malicious Office documents to victims, which came with an embedded ActiveX object that contained the Flash CVE-2017-11292 exploit.

Software: Adobe Flash Player

Known/fameous malware:

FINSPY

According to Kaspersky Lab, the vulnerability has being exploited by the BlackOasis threat actor. The recent attacks leveraging today's zero-day sent malicious Office documents to victims, which came with an embedded ActiveX object that contained the Flash CVE-2017-11292 exploit.

Remote code execution in Microsoft Office
CVE-2017-11826

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious content. A remote attacker can send a specially crafted .doc file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Note: the vulnerability is being actively exploited.
i

The weakness was reported to Microsoft by researchers at China-based security firm Qihoo 360. The experts said they first observed an attack exploiting this vulnerability on September 28. The attacks targeted a small number of the company’s customers and they involved malicious RTF files.

Software: Microsoft Office

The weakness was reported to Microsoft by researchers at China-based security firm Qihoo 360. The experts said they first observed an attack exploiting this vulnerability on September 28. The attacks targeted a small number of the company’s customers and they involved malicious RTF files.

Backdoor in CCleaner

Backdoor

CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 were shipped with a backdoor code from official vendor’s website. The incident was detected on September 12.

The malicious version was released on August 15. Users, who downloaded CCleaner between August 15 and September 12, are affected.

i

Avast reported a security breach, which involved compromise of one of the CCleaner distribution servers. As a result, the adversary was able to distribute a backdoored version of CCleaner application between August 15 and September 12. The compromised version of CCleaner was distributed from the official vendor's website.

Software: CCleaner

Avast reported a security breach, which involved compromise of one of the CCleaner distribution servers. As a result, the adversary was able to distribute a backdoored version of CCleaner application between August 15 and September 12. The compromised version of CCleaner was distributed from the official vendor's website.

Remote code execution in Microsoft .NET Framework
CVE-2017-8759

Improper input validation

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to uncpecified error when processing untrusted input. A remote unauthenticated attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

i

The vulnerability was detected by FireEye  researchers. The attacker used Microsoft Office RTF document to leverage RCE in .NET Framework and deploy FINSPY malware. The malicious document “Проект.doc” (MD5: fe5c4d6bb78e170abf5cf3741868ea4c) had Russian name and might have been used to target a Russian speaker.

Software: Microsoft .NET Framework

Known/fameous malware:

FINSPY

The vulnerability was detected by FireEye  researchers. The attacker used Microsoft Office RTF document to leverage RCE in .NET Framework and deploy FINSPY malware. The malicious document “Проект.doc” (MD5: fe5c4d6bb78e170abf5cf3741868ea4c) had Russian name and might have been used to target a Russian speaker.

Backdoor in NetSarang software

Backdoor

The vulnerability allows a remote attacker to gain complete control over affected system.

The weakness exists due to presence of backdoor functionality in the nssock2.dll library. After installation, the backdoor ShadowPad activates itself by sending a DNS TXT request for a specific domain. After successful activation, a remote attacker can gain full access to the affected system.

The backdoor has the ability to connect to a malicious C&C server and executed commands, sent by malicious actors.

The backdoor was discovered on August 4, 2017 by Kaspersky Labs researchers.
i

A backdoor code was detected in NetSarang software on August 4, 2017. Next day, on August 5 the developer has released an update to resolve the issue. As of August 15, there is an evidence, that the code has being utilized by one instance in Hong Kong.

The malicious code was delivered to the vendor's clients  by compromising the software update mechanism. The backdoor was included into updates, issued on July 18, 2017. The update contained ShadowPad backdoor.

Software: Xftp

Known/fameous malware:

ShadowPad backdoor

A backdoor code was detected in NetSarang software on August 4, 2017. Next day, on August 5 the developer has released an update to resolve the issue. As of August 15, there is an evidence, that the code has being utilized by one instance in Hong Kong.

The malicious code was delivered to the vendor's clients  by compromising the software update mechanism. The backdoor was included into updates, issued on July 18, 2017. The update contained ShadowPad backdoor.

Privilege escalation in Linux kernel
CVE-2017-7533

Race condition

The vulnerability allows a local user to execute arbitrary code with escalated privileges.

The vulnerability exists due to a race condition in the fsnotify implementation in the Linux kernel through 4.12.4. A local user can create an application, which leverages simultaneous execution of the inotify_handle_event and vfs_rename functions and trigger mem