AA23-215A:2022 年最常被利用的漏洞
A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022.
CVE-2023-35078:Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core 未经身份验证的 API 访问漏洞
Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
Oracle 2023 年 7 月补丁更新解决了 183 个 CVE
Oracle addresses 183 CVEs in its third quarterly update of 2023 with 508 patches, including 76 critical updates.
CVE-2023-3519:Netscaler ADC (Citrix ADC) 和 Netscaler Gateway (Citrix Gateway) 中的重大 RCE
Citrix has released a patch fixing a remote code execution vulnerability in several versions of Netscaler ADC and Netscaler Gateway that has been exploited. Organizations are urged to patch immediately.
CVE-2023-3595,CVE-2023-3596:Rockwell Automation ControlLogix 漏洞披露
Rockwell Automation issues advisory for multiple vulnerabilities, including a critical flaw that could lead to disruption or destruction of critical infrastructure processes.
Finding Rockwell Automation Allen-Bradley Communication Modules Affected by CVE-2023-3595 and CVE-2023-3596 in OT Environments
Identifying vulnerable systems in your industrial environment can be complex. Use the wrong tool and it will overlook affected devices. Find out how Tenable OT Security is designed to give you in-depth asset visibility to address these new vulnerabilities without disrupting productivity.
Microsoft 2023 年 7 月补丁星期二解决了 130 个 CVE (CVE-2023-36884)
Microsoft addresses 130 CVEs including five that were exploited in the wild as zero-day vulnerabilities and guidance on the malicious use of Microsoft signed drivers.
CVE-2023-33299: FortiNAC 中的重大远程代码执行漏洞
Fortinet has released a patch fixing a remote code execution vulnerability in several versions of FortiNAC
MOVEit Transfer 漏洞和 CL0P 勒索软件团伙常见问题
Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang.
CVE-2023-20887:VMware Aria 网络运营命令注入
VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8.
Microsoft 的 2023 年 6 月补丁星期二解决了 70 个 CVE (CVE-2023-29357)
Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical.
CVE-2023-27997:Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)
Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Organizations are strongly encouraged to apply these patches immediately.