Overview On April 17, NSFOCUS CERT found that Google officially fixed a Chrome V8 type confusion vulnerability (CVE-2023-2033). Due to flaws in the verification of the data type being used by the application, type confusion can occur during the process. Attackers can trigger this vulnerability by sending a crafted link that successfully induces users to […]
Overview NSFOCUS CERT recently monitored that Microsoft had released a security update patch for April, which fixed 97 security issues, involving Microsoft Word, Layer2 Tunneling Protocol, Microsoft Publisher, Windows Kernel and other widely used products, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft’s monthly updates […]
Overview Recently, NSFOCUS CERT has detected that Apple has officially fixed the security vulnerabilities of several products. Please take protective measures as soon as possible. The details of the vulnerability are as follows: Apple IOSurfaceAccelerator privilege escalation vulnerability (CVS 2023-28206): There is an out of bounds write vulnerability in Apple IOSurfaceAccelerator, which allows unauthenticated attackers […]
Overview Recently, NSFOCUS CERT found that the analysis article and ExP of Sudo privilege enhancement vulnerability (CVE-2023-22809) were publicly disclosed online. Since sudoedit in Sudo has a flaw in handling additional parameters passed in user provided environment variables such as SUDO_EDITOR, VISUAL, and EDITOR., when a user specified editor contains a “–” parameter that bypasses […]
Overview Recently, NSFOCUS CERT found that MinIO officially issued a security notice, which fixed a MinIO information disclosure vulnerability (CVE-2023-28432). When MiniO is configured in cluster mode, an unauthenticated attacker can ultimately obtain information about all environment variables by constructing a crafted request packet, which allows the attacker to utilize the MINIO_ SECRET_ KEY&MINIO_ ROOT_ […]
Vulnerability Overview Recently, NSFOCUS CERT monitored that Adobe has officially released security notices and fixed multiple Adobe ColdFusion vulnerabilities. Please take protective measures as soon as possible. Key vulnerabilities are as follows: Adobe ColdFusion deserialization vulnerability (CVE-2023-26359): Due to a flaw in Adobe ColdFusion’s deserialization security check, unauthenticated remote attackers can conduct deserialization attacks by […]
Overview Recently, NSFOCUS CERT has monitored that Microsoft has officially released a patch update, which fixes a Microsoft Outlook privilege escalation vulnerability. An unauthenticated attacker sends a specially crafted email, causing the victim to connect to an external UNC location controlled by the attacker, causing the victim’s Net-NTLMv2 hash to be disclosed to the attacker. […]
Overview On March 15, NSFOCUS CERT monitored that Microsoft had released a security update patch for March, which fixed 82 security issues, involving widely used products such as Windows Hyper-V, Microsoft Outlook, Windows HTTP Protocol Stack, Microsoft Graphics, Microsoft Excel, etc., including high-risk vulnerability types such as privilege enhancement, remote code execution, etc. Among the […]
Overview Recently, NSFOCUS CERT detected that Apache officially issued a security notice, fixing an Apache Dubbo deserialization vulnerability (CVE-2023-23638). Due to the flaws in Apache Dubbo’s deserialization security check, remote attackers can construct malicious data packets to conduct deserialization attacks, and finally execute arbitrary code on the target system. Affected users are requested to take […]
Overview Recently, NSFOCUS CERT found that Fortinet officially issued a security notice to fix a Fortinet FortiOS and FortiProxy remote code execution vulnerability (CVE-2023-25610). Due to the heap buffer underflow flaw in the management interface of FortiOS and FortiProxy, an unauthenticated remote attacker can execute arbitrary code on the target device or perform a DoS […]
