Microsoft Edge, Teams, and Skype Vulnerabilities:
Microsoft released urgent patches for vulnerabilities
in Edge, Teams, and Skype1.
JetBrains TeamCity RCE Vulnerability:
A critical vulnerability identified as
CVE-2023-42793 was found in JetBrains' TeamCity
server, allowing for Remote Code Execution (RCE)
without user input due to an authentication bypass
flaw2.
Arm Mali GPU Vulnerabilities:
Vulnerabilities identified in the Arm Mali GPU
drivers, notably CVE-2023-4211, were actively
exploited. Patches were issued for Bifrost,
Valhall, and Arm 5th Gen GPU architectures,
though a fix for Midgard GPU kernel driver may
not be available2.
Exim Mail Server Vulnerabilities:
Multiple zero-day vulnerabilities identified in
Exim's SMTP service, including an RCE
vulnerability (CVE-2023-42115) caused by
insufficient validation of user-supplied data,
resulting in a buffer overflow2.
Android October 2023 Update Vulnerabilities:
The Android October 2023 security update
addressed 54 vulnerabilities, including a buffer
overflow vulnerability (CVE-2023-4863) in the
libwebp library, and an actively exploited
vulnerability (CVE-2023-4211) in the Arm Mali
GPU drivers on Android devices2.
Curl and libcurl Vulnerabilities:
Two vulnerabilities, CVE-2023-38545 (a SOCKS5
heap buffer overflow vulnerability) and
CVE-2023-38546 (a cookie injection flaw), were
identified and fixed in Curl v8.4.03.
free5gc Web API Vulnerability:
A vulnerability in the /api/ component of
free5gc, identified as CVE-2023-5329, leads to
improper authentication4.
F5 Vulnerabilities:
On October 10, 2023, F5 announced several
security issues5.
PS: I format this better next time, creating a template now.
Happy Hacking
ReK2
--
- {gemini,https}://{,rek2.}
hispagatos.org - mastodon: @
re...@hispagatos.space
- [https|gemini]://2600.Madrid -
https://hispagatos.space/@rek2
-
https://keyoxide.org/A31C7CE19D9C58084EA42BA26C0B0D11E9303EC5