December 11, 2023

The U.S. CISA added three security flaws to its Known Exploited Vulnerabilities KEV ctalog, based on evidence of active exploitation.

The vulnerabilities are as follows –

  • CVE-2023-28432 (CVSS score – 7.5) – MinIO Information Disclosure Vulnerability
  • CVE-2023-27350 (CVSS score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability
  • CVE-2023-2136 (CVSS score – TBD) – Google Chrome Skia Integer Overflow Vulnerability

In a cluster deployment, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. As many as 18 unique malicious IP addresses from the U.S., Netherlands, France, Japan, and Finland have attempted to exploit the flaw in recent times

A critical RCE bug affecting PaperCut print management software that allows remote attackers to auth bypass and run arbitrary code. The vulnerability has been addressed by the vendor as of March 8, 2023, with the release of PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9.

Third is an actively exploited flaws is a Google Chrome vulnerability affecting the Skia 2D graphics library that could enable a threat actor to perform a sandbox escape via a crafted HTML page

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone Security Week In Review – December 2nd & 10th, 2023

December 10, 2023

5Ghoul Vulnerabilities affects 5G devices

December 10, 2023

Microsoft EDGE Browser Critical Sandbox Escape Vulnerability – CVE-2023-35618

December 9, 2023

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2
%d