May 28, 2023

The U.S. CISA added three security flaws to its Known Exploited Vulnerabilities KEV ctalog, based on evidence of active exploitation.

The vulnerabilities are as follows –

  • CVE-2023-28432 (CVSS score – 7.5) – MinIO Information Disclosure Vulnerability
  • CVE-2023-27350 (CVSS score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability
  • CVE-2023-2136 (CVSS score – TBD) – Google Chrome Skia Integer Overflow Vulnerability

In a cluster deployment, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. As many as 18 unique malicious IP addresses from the U.S., Netherlands, France, Japan, and Finland have attempted to exploit the flaw in recent times

A critical RCE bug affecting PaperCut print management software that allows remote attackers to auth bypass and run arbitrary code. The vulnerability has been addressed by the vendor as of March 8, 2023, with the release of PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9.

Third is an actively exploited flaws is a Google Chrome vulnerability affecting the Skia 2D graphics library that could enable a threat actor to perform a sandbox escape via a crafted HTML page

Tags:

Leave a Reply

You may have missed

CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
%d bloggers like this: