Zero-day vulnerabilities discovered: 98
Exposed dangerous method or function
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation within the third-party Perl library Spreadsheet::ParseExcel used to parse Excel files. A remote attacker can send a specially crafted email with a malicious file inside and execute arbitrary code on the device.
Note, the vulnerability is being actively exploited in the wild.
Exploitation of this vulnerability is believed to be the work of the China-nexus actor tracked as UNC4841.
Software: Email Security Gateway (ESG)
Known/famous malware:
SEASPY, SALTWATER
Links:
https://www.barracuda.com/company/legal/esg-vulnerability
Heap-based buffer overflow
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebRTC. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
Embedded malicious code (backdoor)
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to the presence of embedded malicious functionality in the application code (a backdoor) that allows a remote attacker to drain crypto assets from users' wallets.
Note, the vulnerability is being actively exploited in the wild.
Software: connect-kit
Links:
https://twitter.com/Ledger/status/1735291427100455293
OS Command Injection
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within QNAP VioStor NVR models running QVR firmware. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild by the Mirai-based botnet named InfectedSlurs.
Software: QVR
Known/famous malware:
InfectedSlurs
OS Command Injection
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote user on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild by the Mirai-based botnet named InfectedSlurs.
Software: AE1021
Known/famous malware:
InfectedSlurs
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Out-of-bounds read
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the Skia component of Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
Use of default credentials
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists because Unitronics Vision Series PLCs and HMIs use default administrative passwords. A remote attacker with network access to a PLC or HMI can gain administrative control over the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Unitronics Vision
Links:
https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Windows DWM Core Library. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36033
Security features bypass
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error in Windows SmartScreen feature. A remote attacker can trick the victim to click on a specially crafted .url file and execute arbitrary code on the system.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36025
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Windows Cloud Files Mini Filter Driver. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36036
Path traversal
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote attacker can upload and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild by the Lace Tempest (DEV-0950) actor.
The vulnerability was exploited by the Lace Tempest (DEV-0950) APT actor.
Software: SysAid
Links:
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
Out-of-bounds write
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error within the DCERPC protocol implementation. A remote non-authenticated attacker can send a specially crafted RPC request to the vCenter Server, trigger an out-of-bounds write and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild since late 2021.
The vulnerability has been used since late 2021 by the Chinese threat actor UNC3886.
Software: vCenter Server
Known/famous malware:
VIRTUALPITA, VIRTUALPIE
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote non-authenticated attacker can send specially crafted data to the device, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system, but requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
Note, the vulnerability is being actively exploited in the wild since August 2023.
Software: Citrix NetScaler Gateway
Improper Privilege Management
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper privilege management in the web UI feature. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected device and create an account with privilege level 15 access.
Note, the vulnerability is being actively exploited in the wild.
Software: Cisco IOS XE
Links:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
Arbitrary file upload
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to insufficient validation of files during file upload. A remote attacker can upload a malicious file and execute it on the server.
Note, the vulnerability is being actively exploited in the wild.
Software: Royal Elementor Addons
Links:
https://www.wordfence.com/blog/2023/10/psa-critical-unauthenticated-arbitrary-file-upload-vulnerability-in-royal-elementor-addons-and-templates-being-actively-exploited/
Cross-site scripting
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing SVG files in program/lib/Roundcube/rcube_washtml.php. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Note, the vulnerability is being actively exploited in the wild.
Software: Roundcube
Information disclosure
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to disclosure of NTLM hashes in WordPad. A remote attacker can trick the victim to open a specially crafted file and gain access to sensitive information.
Note, the vulnerability is being exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36563
Information disclosure
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to IP addresses, port numbers, or both.
Note, the vulnerability is being actively exploited in the wild.
Software: Skype for Business Server
Links:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-41763
Improper Authentication
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to missing authentication at the "/setup/setupadministrator.action" endpoint. A remote non-authenticated attacker can send specially crafted requests to the server to create an administrative account and gain unauthorized access to the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Confluence Data Center
Links:
https://jira.atlassian.com/browse/CONFSERVER-92475
Buffer overflow
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213961
Use-after-free
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error during a remote call from HLOS to DSP. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Firmware
Integer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer overflow while assigning a shared virtual memory region during an IOCTL call. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Firmware
Use of Out-of-range Pointer Offset
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Firmware
Heap-based buffer overflow
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in vp8 encoding in libvpx. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
Out-of-bounds write
The vulnerability allows a remote user to compromise a vulnerable system.
The vulnerability exists due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols within the Cisco Group Encrypted Transport VPN (GET VPN) feature. A remote authenticated user with administrative control of either a group member or a key server can trigger an out-of-bounds write and execute arbitrary code on the target system.
Note, the vulnerability has been exploited in the wild.
Software: Cisco IOS
Links:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx
Input validation error
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local application can execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213927
OS Command Injection
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper input validation within the third-party AV uninstaller module shipped with the software. A local user can execute arbitrary commands with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Apex One
Links:
https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US
Use-after-free
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within Mali GPU Kernel Driver. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Pixel
Links:
https://source.android.com/docs/security/bulletin/pixel/2023-09-01
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Microsoft Streaming Service Proxy. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36802
Information disclosure
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the application can reveal sensitive information to a third party. A remote attacker can trick the victim into opening or previewing a specially crafted file and obtain the NTLM hash of the current account.
Note, the vulnerability is being actively exploited in the wild.
Software: Microsoft Word
Links:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36761
Out-of-bounds write
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: Adobe Reader
Links:
https://helpx.adobe.com/security/products/acrobat/apsb23-34.html
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing WebP images within libwebp library. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system. The vulnerability affects all modern browsers that support WebP image processing.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
Input validation error
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in Wallet. A remote attacker can trick the victim to open a specially crafted attachment and execute arbitrary code on the system.
Note, the vulnerability is being exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213905
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ImageIO subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213905
Authentication bypass using an alternate path or channel
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. A remote user can perform a brute-force attack and establish a clientless SSL VPN session with an unauthorized user.
Note, the vulnerability is being actively exploited in the wild.
Software: Cisco Adaptive Security Appliance (ASA)
Improper input validation
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Android
Improper Authentication
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to missing authentication on certain APIs. A remote attacker can send a specially crafted HTTP request to port 8443/TCP, bypass the authentication process and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: MobileIron Sentry
Links:
https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
Path traversal
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote non-authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Note, the vulnerability is being actively exploited in the wild.
Links:
https://safe-surf.ru/specialists/news/697426/
Input validation error
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted input to the application and perform a denial of service (DoS) attack.
Note, the vulnerability is being actively exploited in the wild.
Software: ASP.NET Core
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38180
Input validation error
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of file names inside .zip archives. A remote attacker can create a specially crafted archive that contains executable malicious files and spoof their file extension to look like .jpeg or .txt.
Note, the vulnerability is being actively exploited in the wild as of April 2023.
Software: WinRAR
Known/famous malware:
DarkMe, GuLoader, RAT
Cleartext transmission of sensitive information
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists because the software uses an insecure communication channel for its software update functionality. A remote attacker with the ability to intercept network traffic can perform a MitM attack during a software update and swap the update package with malicious files.
Note, the vulnerability is being actively exploited in the wild.
Software: eScan
Known/famous malware:
GuptiMiner
Links:
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
Path traversal
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote privileged user can send a specially crafted HTTP request and overwrite arbitrary files and compromise the affected system.
Note, this vulnerability is being actively exploited in the wild.
Software: Endpoint Manager Mobile (formerly MobileIron Core)
Links:
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US
Improper Authentication
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an unspecified error in the authentication process. A remote attacker can bypass authentication and gain unauthorized access to the application.
Note, the vulnerability is being actively exploited in the wild according to Ivanti customers. At the time of writing the company had not commented on the incident and had withheld all information about this vulnerability.
Software: Endpoint Manager Mobile (formerly MobileIron Core)
Links:
https://www.bleepingcomputer.com/news/security/ivanti-patches-mobileiron-zero-day-bug-exploited-in-attacks/
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in FontParser. A remote attacker can trick the victim to open a specially crafted file or visit a malicious website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Buffer overflow
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213842
Improper access control
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote non-authenticated attacker can bypass implemented security restrictions and gain unauthorized access to the application.
Note, the vulnerability is being actively exploited in the wild.
Software: ColdFusion
Links:
https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
Code Injection
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. A remote non-authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Citrix Netscaler ADC
Links:
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
Cross-site scripting
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Zimbra Classic Web Client. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Note, the vulnerability is being exploited in the wild.
Software: Zimbra Collaboration
Out-of-bounds write
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing CIP messages. A remote attacker can send specially crafted CIP messages to ports 44818/TCP or 2222/UDP, trigger an out-of-bounds write and execute arbitrary code.
Note, the vulnerability is most likely being exploited in the wild.
Software: 1756-EN2T Series A
Links:
https://www.dragos.com/blog/mitigating-cves-impacting-rockwell-automation-controllogix-firmware/
https://www.cisa.gov/news-events/ics-advisories/icsa-23-193-01
https://www.bleepingcomputer.com/news/security/rockwell-warns-of-new-apt-rce-exploit-targeting-critical-infrastructure/
Input validation error
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when handling cross-protocol file navigation. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
The vulnerability was exploited by the threat actor Storm-0978 (also known as DEV-0978 or RomCom) against defense and government entities in Europe and North America.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36884
https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
Input validation error
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to click on a specially crafted URL, bypass the Microsoft Outlook Security Notice prompt and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Microsoft Outlook
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35311
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Windows Error Reporting Service. A local user can use a specially crafted performance trace to trigger memory corruption and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36874
Security features bypass
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper validation of URLs in Windows SmartScreen. A remote attacker can trick the victim to visit a specially crafted URL, bypass the Open File - Security Warning prompt and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32049
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in Windows MSHTML Platform. A remote attacker can trick the victim to open a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Microsoft Internet Explorer
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32046
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
http://support.apple.com/en-us/HT213823
Improper Authorization
The vulnerability allows a remote attacker to compromise the affected website.
The vulnerability exists due to improper authorization within the registration functionality. A remote non-authenticated attacker can register a rogue administrative account and compromise the web application.
Note, the vulnerability is being actively exploited in the wild.
Software: Ultimate Member - User Profile & Membership Plugin
Links:
https://wordpress.org/support/topic/security-issue-144/#post-16859857
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213811
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim into opening a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213811
Integer overflow
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an integer overflow within the OS kernel. A local application can trigger an integer overflow and execute arbitrary code with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213811
Information exposure
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
Note, the vulnerability is being actively exploited in the wild.
Software: Pixel
Links:
https://source.android.com/docs/security/bulletin/pixel/2023-06-01
Improper Authentication
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error in the vgauth module. An attacker who has compromised the ESXi host can bypass the authentication process and execute privileged commands on Windows, Linux, and PhotonOS (vCenter) guest VMs without guest credentials, and with no default logging on the guest VMs.
Note, the vulnerability is being actively exploited in the wild by the UNC3886 APT actor.
The vulnerability is known to be exploited by the UNC3886 APT actor.
Software: VMware Tools
Links:
https://www.vmware.com/security/advisories/VMSA-2023-0013.html
https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the SSL-VPN feature. A remote non-authenticated attacker can send specially crafted requests to the SSL-VPN interface, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: FortiOS
OS Command Injection
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when parsing certificates. A remote attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Note, exploitation of this vulnerability has been observed in the wild via compromised HiCA servers.
The vulnerability was exploited through the Chinese intermediary HiCA, which claims to have been compromised.
Software: acme.sh
Links:
https://twitter.com/aleksejspopovs/status/1666955050696966148
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/heXVr8o83Ys
https://github.com/acmesh-official/acme.sh/issues/4659
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
SQL injection
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
Note, the vulnerability is being actively exploited in the wild.
Software: MOVEit Transfer
Links:
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Embedded malicious code (backdoor)
The vulnerability allows a remote attacker to gain unauthorized access to the system.
The vulnerability exists due to the presence of embedded malicious functionality (aka backdoor) in the UEFI firmware that was downloaded from the official website using Gigabyte's App Center. This allows a remote attacker to gain full control over the system.
Note, the vulnerability is being actively exploited in the wild.
Software: UEFI firmware
Missing Authorization
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insecure default configuration. A remote non-authenticated attacker can send a specially crafted request to the server and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: Emby Server
Links:
https://emby.media/support/articles/advisory-23-05.html
OS Command Injection
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing .tar archives during email attachment screening. A remote unauthenticated attacker can send a specially crafted email with a malicious attachment to the appliance and execute arbitrary Perl commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Email Security Gateway (ESG)
Links:
https://www.barracuda.com/company/legal/esg-vulnerability
Use-after-free
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213757
Out-of-bounds read
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in WebKit. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger an out-of-bounds read error and read the contents of memory on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213757
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into visiting a specially crafted web page, trigger memory corruption and break out of the Web Content sandbox.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213757
Security features bypass
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improper implementation of the Secure Boot feature. An attacker with physical access to the system or a local user with Administrative rights can bypass Secure Boot.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24932
Use-after-free
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Win32k driver. A local user can trigger a use-after-free error and execute arbitrary code with SYSTEM privileges.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29336
Inclusion of sensitive information in log files
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because kernel pointers are printed into the log file. A local application can read the log file and use the kernel pointers to bypass ASLR protection.
Note, the vulnerability is being exploited in the wild.
Software: Samsung Mobile Firmware
Links:
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the Skia component in Google Chrome. A remote attacker can trick the victim into opening a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Windows Common Log File System Driver. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Note, the vulnerability is being actively exploited in the wild.
According to Kaspersky, the vulnerability was exploited in February 2023 against small and medium-sized businesses in the Middle East and North America, and previously in Asia.
Software: Windows
Known/famous malware:
Nokoyawa ransomware
Use-after-free
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into opening a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213720
Out-of-bounds write
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in IOSurfaceAccelerator. A local application can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Links:
https://support.apple.com/en-us/HT213720
Embedded malicious code (backdoor)
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.
Software: Electron Mac App, Electron Windows App
Links:
https://www.3cx.com/blog/news/desktopapp-security-alert/
Memory leak
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a memory leak. A local application can force the driver to leak memory and gain access to sensitive information.
Note, this vulnerability is being actively exploited in the wild.
The vulnerability was used as part of an exploitation chain against Samsung Internet Browser and targeted victims in December 2022 with one-time links sent via SMS to devices located in the United Arab Emirates (UAE).
Software: Valhall GPU Kernel Driver, Bifrost GPU Kernel Driver, Midgard GPU Kernel Driver
Links:
https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: MagicLine4NX
Links:
https://www.boho.or.kr/kr/bbs/view.do?bbsId=B0000133&nttId=71023&menuNo=205020
Improper access control
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper access restrictions in the master service interface on port 7741/TCP. A remote attacker can send a specially crafted request to the affected server and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Crypto Application Server (CAS)
Links:
https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023
Improper access control
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
Note, the vulnerability is being actively exploited in the wild.
Software: ColdFusion
Deserialization of Untrusted Data
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: ColdFusion
Information disclosure
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists because the application leaks the Net-NTLMv2 hash. A remote attacker can send a specially crafted email to the victim and obtain the Net-NTLMv2 hash of the Windows account. The victim does not need to open the email, as the vulnerability is triggered automatically when the email is retrieved and processed by the email client, e.g. before it is viewed in the preview pane.
The obtained NTLMv2 hash can be used in an NTLM relay attack against another service to authenticate as the user.
Note, the vulnerability is being actively exploited in the wild.
Software: Microsoft Outlook
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397
Security features bypass
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an incorrect implementation of the Windows SmartScreen security feature. A remote attacker can trick the victim into opening a specially crafted file and bypass the Mark of the Web (MOTW) defenses.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880
Path traversal
The vulnerability allows a local user to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing certain CLI commands. A local user can read and write arbitrary files on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: FortiOS
Permissions, Privileges, and Access Controls
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Android Framework. A local application can escalate privileges on the device.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Android
Known/famous malware:
Pinduoduo backdoor
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Windows Graphics Component. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21823
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Windows Common Log File System Driver. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-23376
Security features bypass
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an unspecified error when processing files. A remote attacker can trick the victim into opening a specially crafted file, bypass the Office macro policies used to block untrusted or malicious files and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Microsoft Publisher
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21715
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when parsing web content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Software: Apple iOS
Known/famous malware:
PWNYOURHOME
Links:
https://support.apple.com/en-us/HT213635
https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/
Deserialization of Untrusted Data
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data passed to the "/goanywhere/lic/accept" HTTP endpoint of the administrative web interface. A remote attacker can send a specially crafted HTTP request to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: GoAnywhere MFT
Links:
https://infosec.exchange/@briankrebs/109795710941843934
Use-after-free
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_ctl_elem_read() function in the Linux kernel sound subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Linux kernel
Buffer overflow
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Windows Advanced Local Procedure Call (ALPC). A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21674