Vulnerability CVE-2023-4969, nicknamed LeftoverLocals, has been disclosed by Trail of Bits. It allows a local attacker to read memory belonging to other processes. The attacker uses a vulnerable GPU's (Graphics Processing Unit) programmable interface to access memory that is expected to be isolated from other users and processes. Trail of Bits has demonstrated that a GPU kernel can observe memory values left behind by a different GPU kernel, even when the two kernels belong to separate, isolated applications.
A critical vulnerability with a CVSS 4.0 score of 9.3 has been discovered in the Junos OS J-Web interface on SRX series firewalls and EX series switches. Identified as CVE-2024-21591, this out-of-bounds write vulnerability affects the J-Web interface of the affected operating system versions. The vulnerability is caused by an insecure function that allows an attacker to overwrite arbitrary memory. An unauthenticated, network-based attacker can cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE) on the device to obtain root privileges. Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This critical vulnerability, tracked as CVE-2023-22527 (CVSS 3.0: 10.0), is a template injection flaw that affects out-of-date versions of the software. If exploited, it allows remote code execution. Atlassian urges users of affected versions to remediate this vulnerability immediately.
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-29357 to its Known Exploited Vulnerabilities catalog. It has a CVSS score of 9.8 (CRITICAL) and is an Elevation of Privilege vulnerability affecting Microsoft SharePoint Server. For CISA to add a vulnerability to the catalog, three criteria must be met: the vulnerability must have a CVE ID, there must be reliable evidence that it has been actively exploited in the wild, and a clear remediation action must be available. When a vulnerability is added to this list, it should be patched urgently and in the manner CISA prescribes.
The SSH transport protocol, as implemented with specific OpenSSH extensions (and in AsyncSSH) at version 9.6 or earlier, is susceptible to CVE-2023-48795 (CVSS 3.1: 5.9), the Terrapin attack. After performing a MiTM attack, remote attackers are able to intercept and spy on communications and spoof the identity of both the recipient and the sender. Secure Shell Protocol (SSH) is the new standard for remote login and file transfers within organizations. The Terrapin attack can only be attempted by an attacker who already holds a man-in-the-middle position on the connection.
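As an added example (not code from the advisory, OpenSSH or AsyncSSH), the following Python check parses a server's SSH_MSG_KEXINIT offer and reports the algorithm combinations Terrapin targets (ChaCha20-Poly1305, or a CBC cipher with an encrypt-then-MAC MAC) when the server does not advertise the strict key exchange extension that closes the attack. The two sample offers are constructed; in practice the payload would be the KEXINIT captured from the server right after the version exchange.

```python
import struct

SSH_MSG_KEXINIT = 20
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"  # advertised by patched servers
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def build_kexinit(lists):
    """Serialise name-lists into a KEXINIT payload (RFC 4253 section 7.1); missing lists are empty."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message id + (zeroed) random cookie
    for name in FIELDS:
        raw = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + bytes(4)  # first_kex_packet_follows=false, reserved

def parse_kexinit(payload):
    """Split a KEXINIT payload back into its ten comma-separated name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, lists = 17, {}
    for name in FIELDS:
        (n,) = struct.unpack_from(">I", payload, off)
        raw = payload[off + 4:off + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated name-list " + name)
        lists[name] = [s for s in raw.decode("ascii").split(",") if s]
        off += 4 + n
    return lists

def terrapin_exposure(lists):
    """Reasons a server's KEXINIT offer is exposed to CVE-2023-48795; [] if none."""
    if STRICT_KEX_SERVER in lists["kex"]:
        return []  # strict kex resets sequence numbers, closing the truncation window
    enc = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    reasons = []
    if "chacha20-poly1305@openssh.com" in enc:
        reasons.append("ChaCha20-Poly1305 offered without strict kex")
    if any(c.endswith("-cbc") for c in enc) and any(m.endswith("-etm@openssh.com") for m in macs):
        reasons.append("CBC cipher with encrypt-then-MAC offered without strict kex")
    return reasons

# Constructed sample offers (not captured from any real host).
COMMON = {"host_key": ["ssh-ed25519"], "comp_c2s": ["none"], "comp_s2c": ["none"],
          "enc_c2s": ["chacha20-poly1305@openssh.com", "aes128-cbc"],
          "enc_s2c": ["chacha20-poly1305@openssh.com", "aes128-cbc"],
          "mac_c2s": ["hmac-sha2-256-etm@openssh.com"], "mac_s2c": ["hmac-sha2-256-etm@openssh.com"]}
VULNERABLE_OFFER = build_kexinit(dict(COMMON, kex=["curve25519-sha256"]))
PATCHED_OFFER = build_kexinit(dict(COMMON, kex=["curve25519-sha256", STRICT_KEX_SERVER]))
```

Calling `terrapin_exposure(parse_kexinit(offer))` on a captured offer gives the list of findings; an empty list means either strict kex is negotiated or no affected algorithm is on offer.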
A vulnerability is present in Ivanti Endpoint Manager versions 2021 and 2022 prior to SU5. It is classified as CVE-2023-39336 and was given a critical CVSS score of 9.6. If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve their output without authentication. This can potentially allow an attacker to control every machine running an agent managed by the Endpoint Manager. If the core server is configured to use Microsoft SQL Express, this could lead to remote code execution on the core server.
A vulnerability in iOS/iPadOS 16 and macOS 13, identified as CVE-2023-41974, was discovered by Félix Poulin-Bélanger. Poulin-Bélanger recently published extensive proof-of-concept code that wins a race condition and exploits a use-after-free, resulting in kernel read and write primitives. Apple recently patched this vulnerability in a security release for iOS and iPadOS 17. Apple has also released macOS updates addressing other use-after-free vulnerabilities.
Barracuda has an ongoing investigation into a threat actor exploiting an arbitrary code execution vulnerability affecting its Email Security Gateway (ESG) appliance. The vulnerability, tracked as CVE-2023-7102, is a zero-day in an open-source third-party library called Spreadsheet::ParseExcel. Attackers trigger it by sending a specially crafted Excel email attachment to targeted ESG devices.
Google released an advisory on December 20th detailing a new Stable Channel update for Desktop. This release patches CVE-2023-7024, and Google reported that an exploit for the vulnerability exists in the wild. Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group discovered and reported this zero-day. Little information is available at this time about CVE-2023-7024, but it is described as a heap buffer overflow in WebRTC.