Overview Recently, NSFOCUS CERT detected that Apple has officially fixed a 0-day vulnerability in Apple WebKit. Remote attackers can trigger this vulnerability by inducing the victim to open a specially crafted web page, which can ultimately enable the execution of arbitrary code on the target system. At present, the vulnerability...
Categoria: Emergency Response
GitLab Unauthorized Access Vulnerability (CVS 2023-3484) Notification
Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, which fixed an unauthorized access vulnerability in Gitlab EE. In some cases, remote attackers with low privileges can change the name or path of a public top-level group beyond their authority. The CVSS score is 8.0. Affected users...
Grafana Identity Authentication Bypass Vulnerability (CVS 2023-3128) Notification
Overview Recently, NSFOCUS CERT detected a vulnerability in Grafana's authentication bypass (CVE-2023-3128). Azure AD can support multiple users with the same email address. When configuring Azure AD to support multiple users, unauthenticated attackers can exploit this vulnerability by creating malicious email account requests. Due to Grafana's failure to uniquely authenticate...
VMware vCenter Server Multiple High Risk Vulnerabilities Notification
Overview Recently, NSFOCUS CERT found that VMware's official security announcement disclosed multiple vulnerabilities in VMware vCenter Server, which could be used by attackers to cause remote code execution, cross-border write and read, etc. Currently, the official version has been updated and fixed. Affected users should take protective measures as soon...
Fortinet FortiNAC Remote Code Execution Vulnerability (CVS 2023-33299) Notification
Overview Recently, NSFOCUS CERT monitored that Fortinet officially fixed a Fortinet FortinaC remote code execution vulnerability (CVE-2023-33299). Unauthenticated remote attackers can exploit this vulnerability by sending a customized request to the service running on TCP port 1050, and an attacker who successfully exploits this vulnerability can execute arbitrary code on...
VMware Aria Operations for Networks Remote Code Execution Vulnerability (CVS 2023-20887) Notification
Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in VMware Aria Operations for Networks. Due to a specific flaw in the createSupportBundle method, the string entered by the user is not properly validated when executing system calls. Unauthenticated remote attackers can exploit this vulnerability through command injection, ultimately...
