CVE Database
Real-time vulnerability intelligence for Australian businesses
Microsoft Exchange Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Exchange Server when the software fails to properly validate input.
Impact
An unauthenticated attacker could execute arbitrary code on the Exchange server.
Mitigation
Apply January 2025 Exchange Server security updates immediately
Cisco ASA SSL VPN Authentication Bypass
An authentication bypass vulnerability in Cisco ASA SSL VPN allows unauthenticated access.
Impact
Remote unauthenticated attackers can bypass authentication and gain VPN access.
Mitigation
Upgrade to ASA software version 9.18.4.47 or later
VMware vSphere Client Privilege Escalation
A privilege escalation vulnerability in VMware vSphere Client allows authenticated users to gain administrative privileges.
Impact
Authenticated users with limited privileges can escalate to full administrative access.
Mitigation
Apply VMware security advisory VMSA-2025-0001
Apache HTTP Server Directory Traversal
A directory traversal vulnerability in Apache HTTP Server allows unauthorized file access.
Impact
Attackers can read sensitive files outside the web root directory.
Mitigation
Update to Apache HTTP Server 2.4.62 or later
Google Chrome V8 Type Confusion
Type confusion vulnerability in V8 JavaScript engine in Google Chrome.
Impact
Remote attackers could potentially exploit heap corruption via a crafted HTML page.
Mitigation
Update to Chrome version 131.0.6778.85 or later
Microsoft Windows Kernel Elevation of Privilege
An elevation of privilege vulnerability exists in the Windows kernel when it fails to properly handle objects in memory.
Impact
An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Mitigation
Apply February 2025 Windows security updates
Fortinet FortiGate SSL VPN Buffer Overflow
A buffer overflow vulnerability in FortiGate SSL VPN may allow remote code execution.
Impact
Remote unauthenticated attackers can execute arbitrary code on FortiGate devices.
Mitigation
Upgrade to FortiOS 7.4.4, 7.2.8, or disable SSL VPN if not required
Atlassian Confluence Server OGNL Injection
An OGNL injection vulnerability in Atlassian Confluence Server allows remote code execution.
Impact
Unauthenticated attackers can execute arbitrary code on Confluence servers.
Mitigation
Update to Confluence 8.5.9, 8.9.2, or later versions immediately
Oracle WebLogic Server Deserialization Vulnerability
A deserialization vulnerability in Oracle WebLogic Server allows remote code execution.
Impact
Unauthenticated attackers can execute arbitrary code on WebLogic servers.
Mitigation
Apply Oracle Critical Patch Update April 2025
Palo Alto Networks GlobalProtect Portal SQL Injection
An SQL injection vulnerability in GlobalProtect portal allows unauthorized access.
Impact
Attackers can extract sensitive information from the GlobalProtect database.
Mitigation
Upgrade to PAN-OS 10.2.10, 11.0.5, 11.1.3, or later versions
Microsoft SharePoint Server Remote Code Execution
A remote code execution vulnerability exists in Microsoft SharePoint Server when the software fails to check the source markup of an application.
Impact
An authenticated attacker could execute arbitrary code in the context of the SharePoint application pool.
Mitigation
Apply June 2025 SharePoint Server security updates
Citrix NetScaler ADC Authentication Bypass
An authentication bypass vulnerability in Citrix NetScaler ADC allows unauthorized access.
Impact
Unauthenticated attackers can bypass authentication and gain administrative access.
Mitigation
Upgrade to NetScaler 13.1-51.15, 14.1-12.35, or later versions
Apache Struts Remote Code Execution
A remote code execution vulnerability in Apache Struts when processing file uploads.
Impact
Remote attackers can execute arbitrary code on vulnerable Struts applications.
Mitigation
Update to Apache Struts 2.5.33 or 6.3.0.2 or later
SolarWinds Orion Platform SQL Injection
An SQL injection vulnerability in SolarWinds Orion Platform allows unauthorized database access.
Impact
Authenticated attackers can extract sensitive information from the Orion database.
Mitigation
Apply SolarWinds security hotfix 2025.3.1 or later
Zoom Client Buffer Overflow Vulnerability
A buffer overflow vulnerability in Zoom Client allows remote code execution.
Impact
Remote attackers can execute arbitrary code through malicious meeting invitations.
Mitigation
Update to Zoom Client version 5.17.5 or later
Jenkins Remote Code Execution via Plugin
A remote code execution vulnerability in Jenkins core allows arbitrary code execution.
Impact
Authenticated attackers can execute arbitrary code on Jenkins servers.
Mitigation
Update to Jenkins 2.426.2 LTS or 2.470 weekly or later
Microsoft Teams Remote Code Execution
A remote code execution vulnerability exists in Microsoft Teams when the application fails to properly sanitize input.
Impact
An attacker could execute arbitrary code in the context of the current user.
Mitigation
Update to Microsoft Teams version 1.7.00.26062 or later
Docker Engine Privilege Escalation
A privilege escalation vulnerability in Docker Engine allows container escape.
Impact
Attackers with container access can escalate to host system privileges.
Mitigation
Update to Docker Engine 24.0.7 or later
Kubernetes API Server Information Disclosure
An information disclosure vulnerability in Kubernetes API Server allows unauthorized access to cluster information.
Impact
Authenticated users can access sensitive cluster configuration information.
Mitigation
Update to Kubernetes 1.28.12, 1.29.7, 1.30.3, or later
Nginx HTTP/2 Memory Corruption
A memory corruption vulnerability in Nginx HTTP/2 implementation allows denial of service.
Impact
Remote attackers can cause denial of service or potentially execute arbitrary code.
Mitigation
Update to Nginx 1.25.5, 1.24.0, or later versions
Splunk Enterprise Information Disclosure
An information disclosure vulnerability in Splunk Enterprise allows unauthorized access to search results.
Impact
Authenticated users can access search results they should not have permission to view.
Mitigation
Update to Splunk Enterprise 9.2.2, 9.1.5, 9.0.10, or later
Drupal Core Remote Code Execution
A remote code execution vulnerability in Drupal Core allows arbitrary code execution.
Impact
Unauthenticated attackers can execute arbitrary code on Drupal websites.
Mitigation
Update to Drupal 10.2.6, 10.1.19, or later versions
WordPress Core SQL Injection
An SQL injection vulnerability in WordPress Core allows database manipulation.
Impact
Authenticated attackers can manipulate database queries and extract sensitive information.
Mitigation
Update to WordPress 6.5.3 or later
Elastic Elasticsearch Privilege Escalation
A privilege escalation vulnerability in Elasticsearch allows unauthorized cluster access.
Impact
Authenticated users can escalate privileges to cluster administrator level.
Mitigation
Update to Elasticsearch 8.13.4, 8.12.3, or later versions
Redis Remote Code Execution
A remote code execution vulnerability in Redis allows arbitrary command execution.
Impact
Unauthenticated attackers can execute arbitrary commands on Redis servers.
Mitigation
Update to Redis 7.2.5, 7.0.15, or later versions
MongoDB Server Authentication Bypass
An authentication bypass vulnerability in MongoDB Server allows unauthorized database access.
Impact
Remote attackers can bypass authentication and access MongoDB databases.
Mitigation
Update to MongoDB 7.0.12, 6.0.16, or later versions
Postfix SMTP Server Buffer Overflow
A buffer overflow vulnerability in Postfix SMTP server allows remote code execution.
Impact
Remote attackers can execute arbitrary code on mail servers.
Mitigation
Update to Postfix 3.8.6, 3.7.11, or later versions
OpenSSL Certificate Validation Bypass
A certificate validation bypass vulnerability in OpenSSL allows man-in-the-middle attacks.
Impact
Attackers can intercept and modify encrypted communications.
Mitigation
Update to OpenSSL 3.0.14, 3.1.6, or later versions
PostgreSQL Privilege Escalation
A privilege escalation vulnerability in PostgreSQL allows unauthorized database access.
Impact
Authenticated users can escalate privileges to database administrator level.
Mitigation
Update to PostgreSQL 16.3, 15.7, 14.12, or later versions
Microsoft Outlook Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory.
Impact
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Mitigation
Apply the latest security updates from Microsoft
Palo Alto Networks PAN-OS Command Injection Vulnerability
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software.
Impact
Unauthenticated attackers can execute arbitrary code with root privileges on the firewall.
Mitigation
Upgrade to PAN-OS 10.2.9-h1, 11.0.4-h1, 11.1.2-h3, or later versions
PHP CGI Argument Injection Vulnerability
Argument injection vulnerability in PHP when using CGI mode on Windows systems.
Impact
Remote code execution on vulnerable PHP installations running in CGI mode.
Mitigation
Update to PHP 8.3.8, 8.2.20, 8.1.29 or disable CGI if not required
OpenSSH Remote Code Execution (regreSSHion)
A signal handler race condition in OpenSSH server (sshd) allows remote code execution.
Impact
Unauthenticated remote attackers can execute arbitrary code as root.
Mitigation
Update to OpenSSH 9.8p1 or later, or apply vendor patches
Windows TCP/IP Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the Windows TCP/IP stack.
Impact
An unauthenticated attacker could send specially crafted IPv6 packets to cause remote code execution.
Mitigation
Apply August 2024 Windows security updates immediately
Windows MSHTML Platform Spoofing Vulnerability
A spoofing vulnerability exists in Windows MSHTML Platform when it improperly validates input.
Impact
An attacker could exploit this vulnerability to spoof content, perform phishing attacks, or redirect users.
Mitigation
Install July 2024 Windows security updates
Windows Remote Desktop Licensing Service Remote Code Execution
A remote code execution vulnerability exists in Windows Remote Desktop Licensing Service.
Impact
An unauthenticated attacker could send a specially crafted request to execute arbitrary code.
Mitigation
Apply July 2024 Windows security updates and restrict RDS access
Palo Alto Networks Expedition SQL Injection
An SQL injection vulnerability in Palo Alto Networks Expedition allows unauthenticated attackers to reveal usernames, passwords, device configurations, and device API keys.
Impact
Complete compromise of Expedition tool and connected firewall configurations.
Mitigation
Update to Expedition 1.2.96 or later and reset all credentials
Atlassian Confluence Data Center Remote Code Execution
Improper neutralization of special elements used in an OS command in Confluence Data Center and Server.
Impact
Unauthenticated attackers can execute arbitrary system commands on the server.
Mitigation
Update to Confluence 8.5.8, 8.9.1, or later versions immediately
VMware ESXi Authentication Bypass
An authentication bypass vulnerability affecting VMware ESXi, Workstation, and Fusion products.
Impact
A malicious actor with sufficient Active Directory permissions can gain full access to an ESXi host.
Mitigation
Apply VMware security updates VMSA-2024-0012
Microsoft Windows Scripting Engine Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft browsers.
Impact
An attacker could corrupt memory in a way that enables arbitrary code execution in the context of the current user.
Mitigation
Install August 2024 Windows and Internet Explorer security updates
Google Chrome Type Confusion Vulnerability
Type confusion vulnerability in V8 JavaScript engine in Google Chrome prior to version 125.0.6422.60.
Impact
Remote attackers could potentially exploit heap corruption via a crafted HTML page.
Mitigation
Update to Chrome version 125.0.6422.60 or later
Windows File Explorer Remote Code Execution
A remote code execution vulnerability exists when Windows File Explorer improperly handles calls to Advanced Local Procedure Call (ALPC).
Impact
An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.
Mitigation
Apply August 2024 Windows security updates
Windows Mark of the Web Security Feature Bypass
A security feature bypass vulnerability exists in Windows when it improperly handles Mark of the Web (MOTW).
Impact
An attacker could bypass Windows Defender SmartScreen checks and execute malicious files.
Mitigation
Install September 2024 Windows security updates
Cisco IOS XE Web UI Privilege Escalation
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges.
Impact
An attacker could exploit this vulnerability to gain administrator-level privileges.
Mitigation
Apply Cisco security updates and disable web UI if not required
Microsoft Project Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Project when it fails to properly handle objects in memory.
Impact
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Mitigation
Apply August 2024 Microsoft Project security updates
OpenSSH Remote Code Execution via Signal Handler
A race condition vulnerability in OpenSSH server signal handler could lead to remote code execution.
Impact
Remote unauthenticated attackers may be able to execute arbitrary code as root.
Mitigation
Update to OpenSSH 9.8p1 or later versions
Windows Installer Elevation of Privilege
An elevation of privilege vulnerability exists when Windows Installer improperly handles certain file operations.
Impact
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigation
Apply June 2024 Windows security updates
Apache HTTP Server SSRF Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server mod_rewrite module.
Impact
Attackers can make the server perform unintended requests to internal or external systems.
Mitigation
Update to Apache HTTP Server 2.4.60 or later
Windows Update Stack Elevation of Privilege
An elevation of privilege vulnerability exists in the Windows Update Stack when it improperly handles calls to Advanced Local Procedure Call (ALPC).
Impact
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigation
Install August 2024 Windows security updates
Fortinet FortiOS Out-of-bounds Write
An out-of-bounds write vulnerability in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code.
Impact
Remote code execution on FortiGate devices with SSL-VPN enabled.
Mitigation
Upgrade to FortiOS 7.4.3, 7.2.7, 7.0.14, or disable SSL-VPN if not required
Windows Kernel Elevation of Privilege
An elevation of privilege vulnerability exists in the Windows kernel when it fails to properly handle objects in memory.
Impact
An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Mitigation
Apply July 2024 Windows security updates
Rejetto HTTP File Server Remote Code Execution
A template injection vulnerability in Rejetto HTTP File Server (HFS) allows remote code execution.
Impact
Unauthenticated remote attackers can execute arbitrary commands on the server.
Mitigation
Update to HFS 2.4.0 RC7 or later, or discontinue use if not required
Windows Kernel Information Disclosure
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.
Impact
An attacker who successfully exploited this vulnerability could obtain information to further compromise the system.
Mitigation
Install July 2024 Windows security updates
Google Chrome Out-of-bounds Memory Access
An out-of-bounds memory access vulnerability in V8 JavaScript engine in Google Chrome.
Impact
Remote attackers could potentially exploit heap corruption via a crafted HTML page.
Mitigation
Update to Chrome version 120.0.6099.224 or later
VMware vCenter Server Privilege Escalation
A privilege escalation vulnerability in VMware vCenter Server due to improper permissions.
Impact
Authenticated users with non-administrative privileges may escalate to root.
Mitigation
Apply VMware security patches VMSA-2024-0006
Progress Kemp LoadMaster Command Injection
An unauthenticated command injection vulnerability in Progress Kemp LoadMaster.
Impact
Remote unauthenticated attackers can execute arbitrary system commands.
Mitigation
Upgrade to LoadMaster firmware 7.2.59.1 or later
Fortra GoAnywhere MFT Authentication Bypass
An authentication bypass vulnerability in Fortra GoAnywhere MFT allows unauthorized access.
Impact
Unauthenticated attackers can access the administrative interface and create admin users.
Mitigation
Apply security patch 7.4.1 or later, restrict admin interface access
JetBrains TeamCity Authentication Bypass
An authentication bypass vulnerability in JetBrains TeamCity allows unauthorized access.
Impact
Unauthenticated attackers can access TeamCity servers and execute arbitrary code.
Mitigation
Update to TeamCity 2023.11.4 or later versions
D-Link NAS Command Injection Vulnerability
A command injection vulnerability in D-Link NAS devices allows remote code execution.
Impact
Unauthenticated attackers can execute arbitrary commands on D-Link NAS devices.
Mitigation
Apply firmware updates or discontinue use if unsupported
Ivanti Connect Secure Authentication Bypass
An authentication bypass vulnerability in Ivanti Connect Secure allows unauthorized access.
Impact
Unauthenticated attackers can bypass authentication and access VPN resources.
Mitigation
Apply Ivanti security updates immediately
Apache HTTP Server SSRF Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server mod_rewrite module.
Impact
Attackers can make the server perform unintended requests to internal or external systems.
Mitigation
Update to Apache HTTP Server 2.4.60 or later
HTTP/2 Rapid Reset Attack
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly.
Impact
Attackers can cause denial of service by rapidly resetting HTTP/2 streams.
Mitigation
Update HTTP/2 implementations and configure rate limiting
Windows Search Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Windows Search when parsing certain file types.
Impact
An attacker could execute arbitrary code by convincing a user to open a specially crafted file.
Mitigation
Apply July 2023 Windows security updates
Cisco IOS XE Web UI Privilege Escalation
A privilege escalation vulnerability in Cisco IOS XE Web UI allows unauthenticated access.
Impact
Unauthenticated attackers can create local user accounts with privilege level 15 access.
Mitigation
Disable HTTP Server feature or apply Cisco security updates
Citrix NetScaler Information Disclosure (Citrix Bleed)
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server.
Impact
Attackers can obtain session tokens and other sensitive information.
Mitigation
Install NetScaler security updates immediately
Atlassian Confluence Privilege Escalation
A privilege escalation vulnerability in Atlassian Confluence allows unauthenticated attackers to create administrator accounts.
Impact
Unauthenticated attackers can create Confluence administrator accounts.
Mitigation
Update to Confluence 8.3.3, 8.4.3, 8.5.2, or later versions
Apache ActiveMQ Remote Code Execution
Apache ActiveMQ is vulnerable to Remote Code Execution due to unsafe deserialization.
Impact
Unauthenticated attackers can execute arbitrary code on ActiveMQ servers.
Mitigation
Update to Apache ActiveMQ 5.18.3, 5.17.6, or later versions
WinRAR Remote Code Execution Vulnerability
A remote code execution vulnerability in WinRAR allows arbitrary code execution when processing RAR archives.
Impact
Attackers can execute arbitrary code by convincing users to open malicious RAR files.
Mitigation
Update to WinRAR 6.23 or later versions
Windows Common Log File System Driver Elevation of Privilege
An elevation of privilege vulnerability exists in Windows Common Log File System Driver.
Impact
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigation
Apply April 2023 Windows security updates
Microsoft Message Queuing Elevation of Privilege
An elevation of privilege vulnerability exists in Microsoft Message Queuing (MSMQ) service.
Impact
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigation
Apply January 2023 Windows security updates
Microsoft Outlook Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Outlook when NTLM credentials are leaked.
Impact
Attackers can steal NTLM hashes and potentially gain unauthorized access.
Mitigation
Apply March 2023 Outlook security updates and disable NTLM if possible
Fortinet FortiOS Heap Buffer Overflow
A heap-based buffer overflow vulnerability in FortiOS SSL-VPN allows remote code execution.
Impact
Remote unauthenticated attackers can execute arbitrary code on FortiGate devices.
Mitigation
Upgrade to FortiOS 7.4.1, 7.2.5, 7.0.12, 6.4.13, 6.2.15, or 6.0.17
Progress MOVEit Transfer SQL Injection
A SQL injection vulnerability in Progress MOVEit Transfer allows unauthorized access.
Impact
Unauthenticated attackers can gain unauthorized access to MOVEit Transfer databases.
Mitigation
Apply MOVEit Transfer security patch immediately
Barracuda Email Security Gateway Remote Command Injection
A remote command injection vulnerability in Barracuda Email Security Gateway allows arbitrary code execution.
Impact
Remote attackers can execute arbitrary commands on Email Security Gateway appliances.
Mitigation
Apply Barracuda security patches or replace affected appliances
Cisco ASA and FTD Denial of Service Vulnerability
A vulnerability in Cisco ASA and FTD could allow an unauthenticated, remote attacker to cause a denial of service condition.
Impact
Attackers can cause device reload and denial of service.
Mitigation
Apply Cisco security updates for ASA and FTD
Microsoft Exchange Server Remote Code Execution
A remote code execution vulnerability exists in Microsoft Exchange Server when the software fails to properly validate input.
Impact
An authenticated attacker could execute arbitrary code on the Exchange server.
Mitigation
Apply August 2023 Exchange Server security updates
Microsoft SharePoint Server Elevation of Privilege
An elevation of privilege vulnerability exists in Microsoft SharePoint Server when the software fails to properly handle objects in memory.
Impact
An authenticated attacker could execute arbitrary code in the context of the SharePoint application pool.
Mitigation
Apply June 2023 SharePoint Server security updates
Openfire Administration Console Authentication Bypass
An authentication bypass vulnerability in Openfire Administration Console allows unauthorized access.
Impact
Unauthenticated attackers can access the Openfire administration console.
Mitigation
Update to Openfire 4.7.5 or later versions
Zyxel Firewall Command Injection Vulnerability
A command injection vulnerability in Zyxel firewall devices allows remote code execution.
Impact
Unauthenticated attackers can execute arbitrary commands on Zyxel firewalls.
Mitigation
Apply Zyxel firmware updates or restrict management interface access
Apache HTTP Server mod_proxy HTTP Response Splitting
HTTP response splitting vulnerability in Apache HTTP Server mod_proxy module.
Impact
Attackers can perform HTTP response splitting attacks and potentially execute cross-site scripting.
Mitigation
Update to Apache HTTP Server 2.4.56 or later
Microsoft Word Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Word when the software fails to properly handle objects in memory.
Impact
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Mitigation
Apply January 2023 Microsoft Office security updates
Fortra GoAnywhere MFT Remote Code Execution
A remote code execution vulnerability in Fortra GoAnywhere MFT allows arbitrary code execution.
Impact
Remote attackers can execute arbitrary code on GoAnywhere MFT servers.
Mitigation
Apply GoAnywhere MFT security patch 7.1.2 or later
Cisco IOS XR Software Denial of Service
A vulnerability in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service condition.
Impact
Attackers can cause device reload and denial of service.
Mitigation
Apply Cisco IOS XR software updates
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized access.
Impact
Unauthenticated attackers can access the EPMM administrative interface.
Mitigation
Apply Ivanti EPMM security updates immediately
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal
A path traversal vulnerability in Ivanti EPMM allows unauthorized file access.
Impact
Authenticated attackers can read arbitrary files on the EPMM server.
Mitigation
Apply Ivanti EPMM security updates
curl SOCKS5 Heap Buffer Overflow
A heap buffer overflow vulnerability in curl when using SOCKS5 proxy with slow hostname resolution.
Impact
Attackers can cause denial of service or potentially execute arbitrary code.
Mitigation
Update to curl 8.4.0 or later versions
Atlassian Confluence Improper Authorization
An improper authorization vulnerability in Atlassian Confluence allows unauthorized access to restricted resources.
Impact
Unauthenticated attackers can access and exfiltrate Confluence site data.
Mitigation
Update to Confluence 8.3.4, 8.4.4, 8.5.3, or later versions
Microsoft .NET and Visual Studio Elevation of Privilege
An elevation of privilege vulnerability exists in .NET Framework and Visual Studio.
Impact
An attacker who successfully exploited this vulnerability could gain elevated privileges.
Mitigation
Apply November 2023 .NET Framework and Visual Studio updates
Apple Safari WebKit Remote Code Execution
A remote code execution vulnerability in WebKit affects Safari and other WebKit-based browsers.
Impact
Processing maliciously crafted web content may lead to arbitrary code execution.
Mitigation
Update to Safari 17.0, iOS 17.0.3, iPadOS 17.0.3, or later
JetBrains TeamCity Authentication Bypass
An authentication bypass vulnerability in JetBrains TeamCity allows unauthorized access.
Impact
Unauthenticated attackers can access TeamCity servers with administrative privileges.
Mitigation
Update to TeamCity 2023.05.4 or later versions
LG Simple Editor Directory Traversal
A directory traversal vulnerability in LG Simple Editor allows unauthorized file access.
Impact
Attackers can read arbitrary files on the system.
Mitigation
Update LG Simple Editor or restrict access
Linux Kernel nf_tables Use-After-Free
A use-after-free vulnerability in Linux kernel nf_tables allows privilege escalation.
Impact
Local attackers can escalate privileges to root.
Mitigation
Update to Linux kernel 6.4.1 or apply vendor patches
Linux Kernel Netfilter Use-After-Free
A use-after-free vulnerability in Linux kernel Netfilter allows privilege escalation.
Impact
Local attackers can escalate privileges to root.
Mitigation
Update to Linux kernel 6.3.1 or apply vendor patches
Microsoft Win32k Elevation of Privilege
An elevation of privilege vulnerability exists in Win32k when it fails to properly handle objects in memory.
Impact
An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Mitigation
Apply May 2023 Windows security updates
Microsoft Exchange Server Elevation of Privilege
An elevation of privilege vulnerability exists in Microsoft Exchange Server when the software fails to properly handle objects in memory.
Impact
An authenticated attacker could gain elevated privileges on the Exchange server.
Mitigation
Apply February 2023 Exchange Server security updates
Citrix ShareFile Storage Zones Controller Information Disclosure
An information disclosure vulnerability in Citrix ShareFile Storage Zones Controller.
Impact
Authenticated attackers can access sensitive configuration information.
Mitigation
Apply Citrix ShareFile security updates