Overview On March 15, NSFOCUS CERT monitored that Microsoft had released a security update patch for March, which fixed 82 security issues, involving widely used products such as Windows Hyper-V, Microsoft Outlook, Windows HTTP Protocol Stack, Microsoft Graphics, Microsoft Excel, etc., including high-risk vulnerability types such as privilege enhancement, remote...
Category: Emergency Response
Apache Dubbo Deserialization Vulnerability Notice (CVE-2023-23638)
Overview Recently, NSFOCUS CERT detected that Apache officially issued a security notice, fixing an Apache Dubbo deserialization vulnerability (CVE-2023-23638). Due to the flaws in Apache Dubbo's deserialization security check, remote attackers can construct malicious data packets to conduct deserialization attacks, and finally execute arbitrary code on the target system. Affected...
Fortinet FortiOS and FortiProxy Remote Code Execution Vulnerability Notice (CVE-2023-25610)
Overview Recently, NSFOCUS CERT found that Fortinet officially issued a security notice to fix a Fortinet FortiOS and FortiProxy remote code execution vulnerability (CVE-2023-25610). Due to the heap buffer underflow flaw in the management interface of FortiOS and FortiProxy, an unauthenticated remote attacker can execute arbitrary code on the target...
Multiple Apache HTTP Server Security Vulnerabilities
Overview Recently, NSFOCUS CERT found that Apache has issued an official security notice to fix multiple Apache HTTP Server vulnerabilities. Affected users should take protective measures as soon as possible. Apache HTTP Server Request Smuggling Vulnerability (CVE-2023-25690): When mod_ When proxy is enabled with some form of RewriteRule or ProxyPassMatch,...
Microsoft Word Remote Code Execution Vulnerability (CVE-2023-21716)
Overview Recently, NSFOCUS CERT found the PoC that disclosed Microsoft Word remote execution code vulnerability (CVE-2023-21716) on the Internet. Because the RTF parser in Microsoft Word will trigger a heap corruption vulnerability when processing a font table (* fonttbl *) that contains too many fonts (* f # # #...
GitLab Cross-Site Scripting (XSS) Vulnerability (CVE-2023-0050)
Overview Recently, NSFOCUS CERT found that GitLab has issued an official security notice to fix a cross-site scripting vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) (CVE-2023-0050). A remote attacker with low privileges can cause the client to store XSS through a specially crafted Kroki diagram, and finally...
