December 9, 2023

The US CISA added the following five new issues to its Known Exploited Vulnerabilities Catalog:

  • CVE-2023-20963 – Android Framework Privilege Escalation Vulnerability. Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed;
  • CVE-2023-29492 – Novi Survey Insecure Deserialization Vulnerability. Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account;

Google addressed the vulnerability CVE-2023-20963 with the release of Android Security Bulletin—March 2023 security updates. The bulletin confirmed that “there are indications that CVE-2023-20963 may be under limited, targeted exploitation.

The other vulnerabilities are recently patched Microsoft CLFS zeroday and Apple Zerodays

CISA orders federal agencies to fix this flaw by May 4, 2023.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023
%d