Resposta de Emergência

Overview Recently, NSFOCUS CERT monitored that JumpServer officially issued a notice to fix multiple security vulnerabilities. The vulnerabilities are detailed below. JumpServer Reset Password Vulnerability (CVS 2023-42820): There is a password reset vulnerability in JumpServer, as third-party libraries expose random seed numbers to APIs, which may cause random verification codes to be replayed. Unauthenticated remote […]

Overview Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker triggered the vulnerability by inducing users to visit a malicious website, which ultimately led to arbitrary code execution on the target system. At present, it has been detected that the […]

Overview Recently, NSFOCUS CERT has detected that Apple has officially fixed three zero-day exploit in multiple products. These vulnerabilities exist in the wild. Affected users should take protective measures as soon as possible. The details of the vulnerability are as follows: Apple WebKit Arbitrary Code Execution Vulnerability (CVS 2023-41993): There is an arbitrary code execution […]

Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed an unauthorized call vulnerability in GitLab Enterprise Edition (EE). The vulnerability is a bypass of CVE-2023-3932. An attacker with low privileges can abuse the scan execution policy to run pipelines without the user’s consent. Successful exploitation of this vulnerability may allow […]

Overview Recently, NSFOCUS CERT monitored Adobe’s official security announcement and fixed an arbitrary code execution vulnerability (CVE-2023-26369). Due to a cross-border write flaw, an unauthenticated attacker could finally execute arbitrary code on the target system by exploiting this vulnerability. This vulnerability is being exploited in the wild. Affected users should take protective measures as soon […]

Overview On September 13, NSFOCUS CERT found that Microsoft had released a security update patch for September, fixing 61 security issues, involving Microsoft SharePoint Server, Visual Studio, Internet Connection Sharing (ICS), Microsoft Azure Kubernetes Service, Microsoft Exchange and other widely used products, including high-risk vulnerability types such as privilege enhancement, remote code execution, etc. Among […]

Overview Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker triggered the vulnerability by inducing users to visit a malicious website, which ultimately led to arbitrary code execution on the target system. At present, it has been detected that the […]

Overview Recently, NSFOCUS CERT has detected that Apple has officially repaired two 0day vulnerabilities in multiple Apple products. At present, it has detected that there are uses in wild. Affected users should take protective measures as soon as possible. The details of the vulnerability are as follows: Apple ImageIO Remote Code Execution Vulnerability (CVS 2023-41064): […]

Overview Recently, NSFOCUS CERT has monitored that Google Chrome has officially released security announcements and fixed several security vulnerabilities. The key vulnerabilities are as follows: Google Chrome Cross Border Read Vulnerability (CVE-2023-4761): Due to an out of bounds memory read vulnerability in Google Chrome FebCM, attackers who can disrupt the renderer process can perform out […]

Overview Recently, NSFOCUS CERT detected an Authentication Bypass vulnerability in VMware Aria Operations for Networks. Due to the lack of unique cryptographic key generation, Aria Operations for Networks is susceptible to an authentication bypass vulnerability. Attackers with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations […]