The US Cybersecurity and Infrastructure Security Agency (CISA) has added six security vulnerabilities to its Known Exploited Vulnerabilities (KEV) list, citing evidence of active exploitation.
This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability affecting the Apache Superset open-source data visualization software that could enable remote code execution. This was fixed in version 2.1.
Details of the issue first came to light in April 2023, with Horizon3.ai’s Naveen Sunkavally describing it as a “dangerous default configuration in Apache Superset that allows an unauthenticated attacker to gain remote code execution, harvest credentials, and compromise data.”
It is not currently known how this vulnerability is being exploited in the wild. CISA also added five other flaws:
- CVE-2023-38203 (CVSS score: 9.8) – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
- CVE-2023-29300 (CVSS score: 9.8) – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
- CVE-2023-41990 (CVSS score: 7.8) – Apple Multiple Products Code Execution Vulnerability
- CVE-2016-20017 (CVSS score: 9.8) – D-Link DSL-2750B Devices Command Injection Vulnerability
- CVE-2023-23752 (CVSS score: 5.3) – Joomla! Improper Access Control Vulnerability
It’s worth noting that CVE-2023-41990, patched by Apple in iOS 15.7.8 and iOS 16.3, was used by unknown actors as part of Operation Triangulation spyware attacks to achieve remote code execution when processing a specially crafted iMessage PDF attachment.
Federal Civilian Executive Branch (FCEB) agencies have been advised to apply the fix for the above bug by January 29, 2024, to secure their networks against active threats.