Overview Recently, NSFOCUS CERT found that an Apache Druid remote code execution vulnerability was publicly disclosed online. Under default configuration, Apache Druid supports loading data from Kafka. Unauthenticated remote attackers can implement JNDI injection attacks by modifying Kafka connection configuration properties, ultimately leading to the execution of arbitrary code on...
Category: Emergency Response
Google Chrome Skia Integer Overflow Vulnerability (CVS 2023-2136) Notice
Overview Recently, NSFOCUS CERT found that Google officially fixed an integer overflow vulnerability in Chrome Skia (CVE-2023-2136). Due to a flaw in Skia, when the value exceeds the maximum limit of integer type due to arithmetic operations, an integer overflow will occur. The attacker triggers this vulnerability by inducing users...
Oracle WebLogic Server Remote Code Execution Vulnerability (CVS 2023-21931) Notice
Overview Recently, NSFOCUS CERT found that Oracle officially issued a security notice to fix a remote code execution vulnerability in Oracle WebLogic Server (CVE-2023-21931). Due to a flaw in the getObject Instance () method of the WLNamingManager class in WebLogic, in the default configuration, unauthenticated remote attackers can pass in...
Apache Solr Remote Code Execution Vulnerability (CNVD-2023-27598) Notice
Overview Recently, NSFOCUS CERT found that the analysis article of Apache Solr remote code execution vulnerability was publicly disclosed on the Internet. When Solr is launched in cloud mode and can go offline, an unauthenticated remote attacker can execute arbitrary code on the target system by sending multiple specially crafted...
Google Chrome V8 Type Confusion Vulnerability (CVE-2023-2033) Notice
Overview On April 17, NSFOCUS CERT found that Google officially fixed a Chrome V8 type confusion vulnerability (CVE-2023-2033). Due to flaws in the verification of the data type being used by the application, type confusion can occur during the process. Attackers can trigger this vulnerability by sending a crafted link...
Microsoft’s April security update for multiple high-risk product vulnerabilities
Overview NSFOCUS CERT recently monitored that Microsoft had released a security update patch for April, which fixed 97 security issues, involving Microsoft Word, Layer2 Tunneling Protocol, Microsoft Publisher, Windows Kernel and other widely used products, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities...
