Weekly Vulnerability Roundup: A Compiled List of Vulnerabilities and Exploits
Each week, Cyberwrites publishes a summary of cybersecurity news that compiles important vulnerabilities and exploits that may have gone unnoticed.
Our weekly vulnerability roundup provides coverage of newly found vulnerabilities, as well as those exploited to compromise organizations.
Weekly Vulnerability Roundup
Cisco
Cisco has published a security advisory stating that it has found two vulnerabilities, an XSS and an HTML injection vulnerability.
These vulnerabilities exist in the SPA500 series of the Cisco Small Business IP Phones. Cisco confirmed that there are no workarounds for these vulnerabilities.
In addition, Cisco said that it will not be releasing security patches for these vulnerabilities, as the Cisco Small Business SPA500 Series IP Phones reached the end-of-life process on August 13, 2018.
Oracle
Oracle has released a list of security patches for more than 130 products. These products are used in various industries, including banking, communication, enterprise, sort, and others.
Over 508 new security patches and CVE IDs were released, of which 76 had Critical severity.
Apache OpenMeetings
OpenMeetings is an application that can be used for video calls, collaborative work, and presentations.
The newly found vulnerability may allow threat actors to execute commands on the underlying server.
OpenSSH Agent
This flaw exists in OpenSSH’s forwarded ssh-agent. It allows an attacker to execute arbitrary commands on a vulnerable forwarded ssh-agent.
OpenSSH is used in various servers and applications for remote login and file transfer, along with encryption. This vulnerability exists in the ssh-agent program, which allows authentication to remote servers without entering the passphrase each time.
Chrome 115 Update
Google released Chrome 115 to the stable channel for Windows, macOS, and Linux on Tuesday, patching 20 vulnerabilities, including 11 that were found by external researchers.
Four security issues were assessed to be of “high severity,” while six were determined to be of “medium severity.”
Zimbra and Roundcube Exploited
An alarming spear-phishing campaign has been uncovered, specifically targeting government organizations. This attack preys on vulnerabilities in Zimbra and Roundcube email servers.
These emails got past the government organizations’ anti-spam filters, which indicates that the threat actors used several evasion techniques to bypass spam detection.
Citrix NetScaler
Citrix recently issued a security bulletin, cautioning customers about three new vulnerabilities impacting the above-mentioned product line.
CVE-2023-3519 is the severe zero-day vulnerability among the three, enabling unauthenticated attackers to execute code remotely on vulnerable Gateway systems.
Source credit: cybersecuritynews.com