Zero-day Vulnerability Database

Zero-day vulnerabilities discovered: 98

Remote code execution in Barracuda Email Security Gateway Appliance (ESG)
CVE-2023-7102

Exposed dangerous method or function

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation within the third-party Perl library Spreadsheet::ParseExcel used to parse Excel files. A remote attacker can send a specially crafted email with a malicious file inside and execute arbitrary code on the device.

Note, the vulnerability is being actively exploited in the wild.

It is believed that behind vulnerability exploitation is the China nexus actor tracked as UNC4841.

Software: Email Security Gateway (ESG)

Known/famous malware:

SEASPY, SALTWATER

Remote code execution in Google Chrome
CVE-2023-7024

Heap-based buffer overflow

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in WebRTC. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Embedded malicious code in Ledger Connect Kit

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to drain crypto assets from users' wallets.

Note, the vulnerability is being actively exploited in the wild.

Software: connect-kit

OS Command Injection in QNAP QVR Firmware
CVE-2023-47565

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within QNAP VioStor NVR models running QVR firmware. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild by the Mirai-based botnet named InfectedSlurs.

Software: QVR

Known/famous malware:

InfectedSlurs

OS Command Injection in FXC routers
CVE-2023-49897

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote user on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild by the Mirai-based botnet named InfectedSlurs.

Software: AE1021

Known/famous malware:

InfectedSlurs

Multiple vulnerabilities in Apple iOS 17 and iPadOS 17
CVE-2023-42917

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 17 and iPadOS 17
CVE-2023-42916

Out-of-bounds read

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Google Chrome
CVE-2023-6345

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the Skia component of Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Use of default credentials in Unitronics Vision Series PLCs and HMIs
CVE-2023-6448

Use of default credentials

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because Unitronics Vision Series PLCs and HMIs use default administrative passwords. A remote attacker with network access to a PLC or HMI can gain administrative control over the system.

Note, the vulnerability is being actively exploited in the wild.

Not patched

Software: Unitronics Vision

Privilege escalation in Microsoft Windows DWM Core Library
CVE-2023-36033

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Windows DWM Core Library. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Software: Windows

Security restrictions bypass in Microsoft Windows SmartScreen
CVE-2023-36025

Security features bypass

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in the Windows SmartScreen feature. A remote attacker can trick the victim into clicking a specially crafted .url file and execute arbitrary code on the system.

Software: Windows

Privilege escalation in Microsoft Windows Cloud Files Mini Filter Driver
CVE-2023-36036

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Windows Cloud Files Mini Filter Driver. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Path traversal in SysAid
CVE-2023-47246

Path traversal

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can upload and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild by the Lace Tempest (DEV-0950) actor.

The vulnerability was exploited by the Lace Tempest (DEV-0950) APT actor.

Software: SysAid

Multiple vulnerabilities in VMware vCenter Server
CVE-2023-34048

Out-of-bounds write

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error within the DCERPC protocol implementation. A remote non-authenticated attacker can send a specially crafted RPC request to the vCenter Server, trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild since late 2021.

The vulnerability was used since late 2021 by a Chinese threat actor UNC3886.

Software: vCenter Server

Known/famous malware:

VIRTUALPITA, VIRTUALPIE

Multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway
CVE-2023-4966

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote non-authenticated attacker can send specially crafted data to the device, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system, but requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.

Note, the vulnerability is being actively exploited in the wild since August 2023.

Software: Citrix NetScaler Gateway

Multiple vulnerabilities in Cisco IOS XE Web UI software
CVE-2023-20198

Improper Privilege Management

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper privilege management in the web UI feature. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected device and create an account with privilege level 15 access.

Note, the vulnerability is being actively exploited in the wild.

Software: Cisco IOS XE

Unauthenticated arbitrary file upload in Royal Elementor Addons plugin for WordPress
CVE-2023-5360

Arbitrary file upload

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

Software: Royal Elementor Addons

Cross-site scripting in Roundcube
CVE-2023-5631

Cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing SVG files in program/lib/Roundcube/rcube_washtml.php. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Note, the vulnerability is being actively exploited in the wild.

Software: Roundcube

Disclosure of NTLM hashes in Microsoft WordPad
CVE-2023-36563

Information disclosure

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to disclosure of NTLM hashes in WordPad. A remote attacker can trick the victim into opening a specially crafted file and gain access to sensitive information.

Note, the vulnerability is being exploited in the wild.

Software: Windows

Information disclosure in Skype for Business server
CVE-2023-41763

Information disclosure

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to IP addresses, port numbers, or both.

Note, the vulnerability is being actively exploited in the wild.

Software: Skype for Business Server

Remote code execution in Confluence Data Center and Server
CVE-2023-22515

Improper Authentication

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authentication at the "/setup/setupadministrator.action" endpoint. A remote non-authenticated attacker can send specially crafted requests to the server to create an administrative account and gain unauthorized access to the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Confluence Data Center

Multiple vulnerabilities in Apple iOS 17 and iPadOS 17
CVE-2023-42824

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Qualcomm firmware
CVE-2023-33063

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error during a remote call from HLOS to DSP. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Firmware

Multiple vulnerabilities in Qualcomm firmware
CVE-2023-33107

Integer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow while assigning shared virtual memory region during IOCTL call. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Firmware

Multiple vulnerabilities in Qualcomm firmware
CVE-2023-33106

Use of Out-of-range Pointer Offset

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Firmware

Multiple vulnerabilities in Google Chrome
CVE-2023-5217

Heap-based buffer overflow

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in vp8 encoding in libvpx. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software
CVE-2023-20109

Out-of-bounds write

The vulnerability allows a remote user to compromise a vulnerable system.

The vulnerability exists due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols within the Cisco Group Encrypted Transport VPN (GET VPN) feature. A remote authenticated user with administrative control of either a group member or a key server can trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability has been exploited in the wild.

Software: Cisco IOS

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-41992

Input validation error

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local application can execute arbitrary code on the system with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Privilege escalation in Trend Micro Apex One and Worry-Free Business
CVE-2023-41179

OS Command Injection

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper input validation within the third-party AV uninstaller module shipped with the software. A local user can execute arbitrary commands with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apex One

Security features bypass in Google Pixel
CVE-2023-4211

Use-after-free

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within Mali GPU Kernel Driver. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Pixel

Privilege escalation in Microsoft Streaming Service Proxy
CVE-2023-36802

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Microsoft Streaming Service Proxy. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Information disclosure in Microsoft Word
CVE-2023-36761

Information disclosure

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the application can reveal sensitive information to a third party. A remote attacker can trick the victim into opening or previewing a specially crafted file and obtain the NTLM hash of the current account.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Word

Remote code execution in Adobe Acrobat and Reader
CVE-2023-26369

Out-of-bounds write

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing PDF. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Adobe Reader

Remote code execution in Google Chrome
CVE-2023-4863

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing WebP images within the libwebp library. A remote attacker can trick the victim into visiting a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system. The vulnerability affects all modern browsers that support WebP image processing.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2023-41061

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Wallet. A remote attacker can trick the victim into opening a specially crafted attachment and execute arbitrary code on the system.

Note, the vulnerability is being exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2023-41064

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ImageIO subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Authentication bypass using an alternate path or channel in Cisco Adaptive Security Appliance and Firepower Threat Defense
CVE-2023-20269

Authentication bypass using an alternate path or channel

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. A remote user can perform a brute-force attack and establish a clientless SSL VPN session with an unauthorized user.

Note, the vulnerability is being actively exploited in the wild.

Software: Cisco Adaptive Security Appliance (ASA)

Multiple vulnerabilities in Google Android
CVE-2023-35674

Improper input validation

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Android

API authentication bypass in Ivanti Sentry
CVE-2023-38035

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to missing authentication on certain APIs. A remote attacker can send a specially crafted HTTP request to port 8443/TCP, bypass authentication process and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: MobileIron Sentry

Path traversal in Terrasoft CRM

Path traversal

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote non-authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Note, the vulnerability is being actively exploited in the wild.

Not patched

Denial of service in ASP .NET and Visual Studio
CVE-2023-38180

Input validation error

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted input to the application and perform a denial of service (DoS) attack.

Note, the vulnerability is being actively exploited in the wild.

Software: ASP.NET Core

File extension spoofing in WinRAR
CVE-2023-38831

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of file names inside .zip archives. A remote attacker can create a specially crafted archive that contains executable malicious files and spoof their file extension to look like .jpeg or .txt.

Note, the vulnerability is being actively exploited in the wild as of April 2023.

Software: WinRAR

Known/famous malware:

DarkMe, GuLoader, RAT

MitM attack in MicroWorld Technologies eScan

Cleartext transmission of sensitive information

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because the software uses an insecure communication channel within the software update functionality. A remote attacker with the ability to intercept network traffic can perform a MitM attack during the software update and swap the update package with malicious files.

Note, the vulnerability is being actively exploited in the wild.

Software: eScan

Known/famous malware:

GuptiMiner

Arbitrary file overwrite in Ivanti Endpoint Manager Mobile
CVE-2023-35081

Path traversal

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote privileged user can send a specially crafted HTTP request and overwrite arbitrary files and compromise the affected system.

Note, this vulnerability is being actively exploited in the wild.

Software: Endpoint Manager Mobile (formerly MobileIron Core)

Authentication bypass in Ivanti Endpoint Manager Mobile (formerly MobileIron Core)
CVE-2023-35078

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an unspecified error in the authentication process. A remote attacker can bypass authentication and gain unauthorized access to the application.

Note, the vulnerability is being actively exploited in the wild, as reported by Ivanti customers. At the moment the company has not commented on the incident and has concealed all information about this vulnerability.

Software: Endpoint Manager Mobile (formerly MobileIron Core)

Multiple vulnerabilities in Apple iOS 15 and iPadOS 15
CVE-2023-41990

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in FontParser. A remote attacker can trick the victim into opening a specially crafted file or visiting a malicious website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 15 and iPadOS 15
CVE-2023-38606

Buffer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Adobe ColdFusion
CVE-2023-38205

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote non-authenticated attacker can bypass implemented security restrictions and gain unauthorized access to the application.

Note, the vulnerability is being actively exploited in the wild.

Software: ColdFusion

Multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway
CVE-2023-3519

Code Injection

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. A remote non-authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Citrix Netscaler ADC

Reflected XSS in Zimbra Collaboration Suite
CVE-2023-37580

Cross-site scripting

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Zimbra Classic Web Client. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Note, the vulnerability is being exploited in the wild.

Software: Zimbra Collaboration

Multiple vulnerabilities in Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication modules
CVE-2023-3595

Out-of-bounds write

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing CIP messages. A remote attacker can send specially crafted CIP messages to ports 44818/TCP or 2222/UDP, trigger an out-of-bounds write and execute arbitrary code.

Note, the vulnerability is most likely being exploited in the wild.

Software: 1756-EN2T Series A

Remote code execution in Microsoft Office and Windows HTML
CVE-2023-36884

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when handling cross-protocol file navigation. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

The vulnerability was exploited by the threat actor Storm-0978 (also known as DEV-0978 or RomCom) against defense and government entities in Europe and North America.

Software: Windows

Remote code execution in Microsoft Outlook
CVE-2023-35311

Input validation error

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into clicking a specially crafted URL, bypass the Microsoft Outlook Security Notice prompt and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Outlook

Privilege escalation in Microsoft Windows Error Reporting Service
CVE-2023-36874

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Error Reporting Service. A local user can use a specially crafted performance trace to trigger memory corruption and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Security restrictions bypass in Windows SmartScreen
CVE-2023-32049

Security features bypass

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper validation of URLs in Windows SmartScreen. A remote attacker can trick the victim into visiting a specially crafted URL, bypass the Open File - Security Warning prompt and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Windows MSHTML Platform
CVE-2023-32046

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in the Windows MSHTML Platform. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Internet Explorer

Remote code execution in Apple iOS 16 and iPadOS 16
CVE-2023-37450

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Improper authorization in Ultimate Member plugin for WordPress
CVE-2023-3460

Improper Authorization

The vulnerability allows a remote attacker to compromise the affected website.

The vulnerability exists due to improper authorization within the registration functionality. A remote non-authenticated attacker can register a rogue administrative account and compromise the web application.

Note, the vulnerability is being actively exploited in the wild.

Software: Ultimate Member – User Profile & Membership Plugin

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2023-32435

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2023-32439

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to open a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS and iPadOS
CVE-2023-32434

Integer overflow

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to an integer overflow within the OS kernel. A local application can trigger an integer overflow and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Google Pixel
CVE-2023-21237

Information exposure

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Note, the vulnerability is being actively exploited in the wild.

Software: Pixel

Authentication bypass in VMware Tools
CVE-2023-20867

Improper Authentication

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the vgauth module. An attacker who has compromised the ESXi host can bypass the authentication process and execute privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without guest credentials, and with no default logging on the guest VMs.

Note, the vulnerability is being actively exploited in the wild by the UNC3886 APT actor.

The vulnerability is known to be exploited by the UNC3886 APT actor.

Software: VMware Tools

Unauthenticated remote code execution in FortiOS and FortiProxy SSL-VPN
CVE-2023-27997

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the SSL-VPN feature. A remote non-authenticated attacker can send specially crafted requests to the SSL-VPN interface, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: FortiOS

Remote code execution in acme.sh
CVE-2023-38198

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when parsing certificates. A remote attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Note, exploitation of this vulnerability has been observed in the wild via compromised HiCA servers.

The vulnerability was exploited through the Chinese intermediary HiCA, which claims to have been compromised.

Software: acme.sh

Remote code execution in Google Chrome
CVE-2023-3079

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

SQL injection in MOVEit Transfer
CVE-2023-34362

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.

Note, the vulnerability is being actively exploited in the wild.

Software: MOVEit Transfer

Backdoor in Gigabyte UEFI firmware

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the system.

The vulnerability exists due to the presence of embedded malicious functionality (aka backdoor) in the UEFI firmware that was downloaded from the official website using Gigabyte's App Center. This allows a remote attacker to gain full control over the system.

Note, the vulnerability is being actively exploited in the wild.

Software: UEFI firmware

Missing authorization in Emby Server

Missing Authorization

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure default configuration. A remote non-authenticated attacker can send a specially crafted request to the server and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Emby Server

Remote code execution in Barracuda Email Security Gateway appliance (ESG)
CVE-2023-2868

OS Command Injection

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing .tar archives during email attachment screening. A remote unauthenticated attacker can send a specially crafted email with a malicious attachment to the appliance and execute arbitrary Perl commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Email Security Gateway (ESG)

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-32373

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-28204

Out-of-bounds read

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in WebKit. A remote attacker can trick the victim to visit a specially crafted webpage, trigger an out-of-bounds read error and read contents of memory on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-32409

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger memory corruption and break out of Web Content sandbox.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Secure boot bypass in Microsoft Windows
CVE-2023-24932

Security features bypass

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improper implementation of the Secure Boot feature. An attacker with physical access to the system or a local user with Administrative rights can bypass Secure Boot.

Software: Windows

Privilege escalation in Microsoft Windows Win32k driver
CVE-2023-29336

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k driver. A local user can trigger a use-after-free error and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Multiple vulnerabilities in Samsung Mobile Firmware
CVE-2023-21492

Inclusion of sensitive information in log files

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to kernel pointers being printed into the log file. A local application can read the log file and use the kernel pointers to bypass ASLR protection.

Note, the vulnerability is being exploited in the wild.

Software: Samsung Mobile Firmware

Multiple vulnerabilities in Google Chrome
CVE-2023-2136

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in Skia component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Remote code execution in Google Chrome
CVE-2023-2033

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Chrome

Privilege escalation in Microsoft Windows Common Log File System Driver
CVE-2023-28252

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Windows Common Log File System Driver. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

According to Kaspersky, the vulnerability was exploited in February 2023 against small and medium-sized businesses in the Middle East and North America, and previously in Asia.

Software: Windows

Known/famous malware:

Nokoyawa ransomware

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-28205

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-28206

Out-of-bounds write

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOSurfaceAccelerator. A local application can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Backdoor in 3CX Electron desktop app for Windows and Mac
CVE-2023-29059

Embedded malicious code (backdoor)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.

Software: Electron Mac App, Electron Windows App

Information disclosure in ARM Mali GPU kernel drivers
CVE-2023-26083

Memory leak

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a memory leak. A local application can force the driver to leak memory and gain access to sensitive information.

Note, this vulnerability is being actively exploited in the wild.

Not patched

The vulnerability was used as part of an exploitation chain against Samsung Internet Browser that targeted victims in December 2022 with one-time links sent via SMS to devices located in the United Arab Emirates (UAE).

Software: Valhall GPU Kernel Driver, Bifrost GPU Kernel Driver, Midgard GPU Kernel Driver

Remote code execution in Dream Security MagicLine4NX
CVE-2023-45797

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: MagicLine4NX

Remote code execution in General Bytes Crypto Application Server (CAS)

Improper access control

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions in the master service interface on port 7741/TCP. A remote attacker can send a specially crafted request to the affected server and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Crypto Application Server (CAS)

Remote code execution in General Bytes Crypto Application Server (CAS)
CVE-2023-26360

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

Note, the vulnerability is being actively exploited in the wild.

Software: ColdFusion

Multiple vulnerabilities in Adobe ColdFusion
CVE-2023-26359

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: ColdFusion

Net-NTLMv2 hash leak in Microsoft Outlook
CVE-2023-23397

Information disclosure

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to the application leaking the Net-NTLMv2 hash. A remote attacker can send a specially crafted email to the victim and obtain the Net-NTLMv2 hash of the Windows account. The victim does not need to open the email, as the vulnerability is triggered automatically when the email is retrieved and processed by the email server, e.g. before it is viewed in the preview pane.

The obtained Net-NTLMv2 hash can be used in an NTLM relay attack against another service to authenticate as the user.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Outlook

SmartScreen security feature bypass in Microsoft Windows
CVE-2023-24880

Security features bypass

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Windows SmartScreen Security Feature. A remote attacker can trick the victim to open a specially crafted file and bypass the Mark of the Web (MOTW) defenses.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in FortiOS
CVE-2022-41328

Path traversal

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing a certain CLI command. A local user can read and write arbitrary files on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: FortiOS

Multiple vulnerabilities in Google Android
CVE-2023-20963

Permissions, Privileges, and Access Controls

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in Android Framework. A local application can escalate privileges on the device.

Note, the vulnerability is being actively exploited in the wild.

Software: Google Android

Known/famous malware:

Pinduoduo backdoor

Privilege escalation in Microsoft Windows Graphics Component
CVE-2023-21823

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Graphics Component. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Windows Common Log File System Driver
CVE-2023-23376

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Windows Common Log File System Driver. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in Microsoft Publisher
CVE-2023-21715

Security features bypass

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an unspecified error when processing files. A remote attacker can trick the victim to open a specially crafted file, bypass Office macro policies used to block untrusted or malicious files and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Software: Microsoft Publisher

Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
CVE-2023-23529

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when parsing web content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Software: Apple iOS

Known/famous malware:

PWNYOURHOME

Remote code execution in GoAnywhere MFT
CVE-2023-0669

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data passed to the "/goanywhere/lic/accept" HTTP endpoint of the administrative web interface. A remote attacker can send a specially crafted HTTP request to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Software: GoAnywhere MFT

Use-after-free in Linux kernel
CVE-2023-0266

Use-after-free

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_ctl_elem_read() function in the Linux kernel sound subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

In December 2022 a complete exploit chain was discovered, consisting of multiple 0-days and n-days and targeting the latest version of Samsung Internet Browser. The exploits were delivered in one-time links sent via SMS to devices located in the United Arab Emirates (UAE).

The link directed users to a landing page identical to the one Google TAG examined in the Heliconia framework developed by commercial spyware vendor Variston. The exploit chain ultimately delivered a fully featured Android spyware suite written in C++ that includes libraries for decrypting and capturing data from various chat and browser applications. The actor using the exploit chain to target UAE users may be a customer or partner of Variston, or otherwise working closely with the spyware vendor.

Software: Linux kernel

Privilege escalation in Windows Advanced Local Procedure Call (ALPC)
CVE-2023-21674

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Advanced Local Procedure Call (ALPC). A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability is being actively exploited in the wild.

Software: Windows