CVE-2023-22527: Atlassian Confluence Data Center and Server Template Injection Exploited in the Wild
In-the-wild exploitation has begun for a recently disclosed, critical severity flaw in Atlassian Confluence Data Center and Server.
Oracle January 2024 Critical Patch Update Addresses 191 CVEs
Oracle addresses 191 CVEs in its first quarterly update of 2024 with 389 patches, including 37 critical updates.
CVE-2023-6548, CVE-2023-6549: Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway
Two zero-day vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway have been exploited in the wild. Urgent patching is required to address these flaws.
CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways
Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors.
Microsoft's January 2024 Patch Tuesday Addresses 48 CVEs (CVE-2024-20674)
Microsoft addresses 48 CVEs in its January 2024 Patch Tuesday release with no zero-day or publicly disclosed vulnerabilities.
Microsoft Patch Tuesday 2023 Year in Review
Microsoft addressed over 900 CVEs as part of Patch Tuesday releases in 2023, including over 20 zero-day vulnerabilities.
Microsoft's December 2023 Patch Tuesday Addresses 33 CVEs (CVE-2023-36019)
Microsoft addresses 33 CVEs in its December 2023 Patch Tuesday release, with no zero-day vulnerabilities disclosed this month.
CVE-2023-4966 (CitrixBleed): Invalidate Active or Persistent Sessions to Prevent Further Compromise
Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens, as these tokens can be used to compromise networks and bypass authentication measures, including multifactor authentication.
CitrixBleed Frequently Asked Questions (CVE-2023-4966)
Frequently asked questions relating to a critical vulnerability in Citrix NetScaler that has been under active exploitation for over a month, including by ransomware groups.
Microsoft's November 2023 Patch Tuesday Addresses 57 CVEs (CVE-2023-36025)
Microsoft addresses 57 CVEs, including three zero-day vulnerabilities that were exploited in the wild.
CVE-2023-22518:Critical Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Atlassian warns of public vulnerability details for a critical flaw in Confluence Data Center and Server, as its CISO urges organizations to apply patches immediately.
CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP
A critical authentication bypass vulnerability in F5’s BIG-IP could allow remote, unauthenticated attackers to execute system commands. Organizations are encouraged to apply patches as soon as possible.