Overview Recently, NSFOCUS CERT monitored that JumpServer officially issued a notice to fix multiple security vulnerabilities. The vulnerabilities are detailed below. JumpServer Reset Password Vulnerability (CVS 2023-42820): There is a password reset vulnerability in JumpServer, as third-party libraries expose random seed numbers to APIs, which may cause random verification codes...
Categoria: Emergency Response
Google LibWebP Arbitrary Code Execution Vulnerability (CVE-2023-5129) Notification
Overview Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker triggered the vulnerability by inducing users to visit a malicious website, which ultimately led to arbitrary code execution on the target system. At present, it...
Apple Multiple Product Security Vulnerabilities Notification
Overview Recently, NSFOCUS CERT has detected that Apple has officially fixed three zero-day exploit in multiple products. These vulnerabilities exist in the wild. Affected users should take protective measures as soon as possible. The details of the vulnerability are as follows: Apple WebKit Arbitrary Code Execution Vulnerability (CVS 2023-41993): There...
GitLab Unauthorized Call Vulnerability (CVC-2023-5009) Notification
Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed an unauthorized call vulnerability in GitLab Enterprise Edition (EE). The vulnerability is a bypass of CVE-2023-3932. An attacker with low privileges can abuse the scan execution policy to run pipelines without the user's consent. Successful exploitation...
Adobe Acrobat and Reader Arbitrary Code Execution Vulnerability (CVE-2023-26369) Notification
Overview Recently, NSFOCUS CERT monitored Adobe's official security announcement and fixed an arbitrary code execution vulnerability (CVE-2023-26369). Due to a cross-border write flaw, an unauthenticated attacker could finally execute arbitrary code on the target system by exploiting this vulnerability. This vulnerability is being exploited in the wild. Affected users should...
Microsoft September Security Updates for Multiple High-Risk Product Vulnerabilities
Overview On September 13, NSFOCUS CERT found that Microsoft had released a security update patch for September, fixing 61 security issues, involving Microsoft SharePoint Server, Visual Studio, Internet Connection Sharing (ICS), Microsoft Azure Kubernetes Service, Microsoft Exchange and other widely used products, including high-risk vulnerability types such as privilege enhancement,...
