1、Citrix ADC & Citrix Gateway远程代码执行漏洞
CVE:CVE-2023-3519影响版本:NetScaler ADC 和 NetScaler Gateway 13.1 < 13.1-49.13NetScaler ADC 和 NetScaler Gateway 13.0 < 13.0-91.13NetScaler ADC 13.1-FIPS < 13.1-37.159NetScaler ADC 12.1-FIPS < 12.1-55.297NetScaler ADC 12.1-NDcPP < 12.1-55.297
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve-2023-3519-cve20233466-cve20233467
2、Atlassian Confluence Data Center & Server远程代码执行漏洞
CVE:CVE-2023-22508CVE-2023-22505CVE-2023-22506影响版本:CVE-2023-225087.19.8 <= Confluence Data Center & Server < 8.2.0CVE-2023-225058.0.0 <= Confluence Data Center & Server < 8.3.2、8.4.0CVE-2023-225068.0.0 <= Bamboo Data Center & Server < 9.2.3、9.3.1
https://jira.atlassian.com/browse/CONFSERVER-88221
https://jira.atlassian.com/browse/CONFSERVER-88265
https://jira.atlassian.com/browse/BAM-22400
3、OpenSSH ssh-agent远程代码执行漏洞
CVE:CVE-2023-38408影响版本:OpenSSH 版本< 9.3p2
https://www.openssh.com/releasenotes.html#9.3p2
4、泛微e-cology SQL注入漏洞
CVE:CVE-2023-3793影响版本:泛微e-cology版本<10.58.0
https://vuldb.com/?id.235061
5、Apache Shiro身份验证绕过漏洞
CVE:CVE-2023-34478影响版本:Apache Shiro版本 < 1.12.0Apache Shiro版本 < 2.0.0-alpha-3
https://www.mail-archive.com/[email protected]/msg08364.html
6、Metabase远程代码执行漏洞
CVE:CVE-2023-38646影响版本:Metabase开源版本< v0.46.6.1Metabase企业版本< v1.46.6.1Metabase开源版本< v0.45.4.1Metabase企业版本< v1.45.4.1Metabase开源版本< v0.44.7.1Metabase企业版本< v1.44.7.1Metabase开源版本< v0.43.7.2Metabase企业版本< v1.43.7.2
https://www.metabase.com/blog/security-advisory
7、VMware Tanzu Application Service for VMs & Isolation Segment信息泄露漏洞
CVE:CVE-2023-20891影响版本:VMware Tanzu Application Service for VMs 4.0.x < 4.0.5VMware Tanzu Application Service for VMs 3.0.x < 3.0.14VMware Tanzu Application Service for VMs 2.13.x < 2.13.24VMware Tanzu Application Service for VMs 2.11.x < 2.11.42Isolation Segment 4.0.x < 4.0.4Isolation Segment 3.0.x < 3.0.13Isolation Segment 2.13.x < 2.13.20Isolation Segment 2.11.x < 2.11.35
https://www.vmware.com/security/advisories/VMSA-2023-0016.html
8、Apache Jackrabbit 远程代码执行漏洞
CVE:CVE-2023-37895影响版本:Apache Jackrabbit Webapp (jackrabbit-webapp) 2.21.0 < 2.21.18 Apache Jackrabbit Webapp (jackrabbit-webapp) 1.0.0 < 2.20.11 Apache Jackrabbit Standalone (jackrabbit-standalone 和 jackrabbit-standalone-components) 2.21.0 < 2.21.18Apache Jackrabbit Standalone (jackrabbit-standalone 和 jackrabbit-standalone-components) 1.0.0 < 2.20.11
https://lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw
9、Jeecg-Boot SQL注入漏洞
CVE:CVE-2023-38992影响版本:Jeecg-Boot版本 < 3.5.3
https://github.com/jeecgboot/jeecg-boot/issues/5173
10、QNAP QVPN Device Client for Windows代码执行漏洞
CVE:CVE-2022-27595影响版本:CVE-2022-27595:QNAP QVPN Device Client for Windows < 2.0.0.1316注:适用于 macOS、Android 和 iOS 的QVPN Device Client不受该漏洞影响。CVE-2022-27600:QTS < 5.0.1.2277 build 20230112QTS < 4.5.4.2280 build 20230112QuTS Hero < h5.0.1.2277 build 20230112QuTS Hero < h4.5.4.2374 build 20230417QuTScloud < c5.0.1.2374 build 20230419QVR Pro Appliance < 2.3.1.0476
https://www.qnap.com/en-us/security-advisory/qsa-23-04
11、Metabase H2远程代码执行漏洞
CVE:CVE-2023-22508CVE-2023-22505CVE-2023-22506影响版本:CVE-2023-225087.19.8 <= Confluence Data Center & Server < 8.2.0CVE-2023-225058.0.0 <= Confluence Data Center & Server < 8.3.2、8.4.0CVE-2023-225068.0.0 <= Bamboo Data Center & Server < 9.2.3、9.3.10
https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83
12、IBM SDK Java Technology Edition任意代码执行漏洞
CVE:CVE-2023-22508CVE-2023-22505CVE-2023-22506影响版本:CVE-2023-225087.19.8 <= Confluence Data Center & Server < 8.2.0CVE-2023-225058.0.0 <= Confluence Data Center & Server < 8.3.2、8.4.0CVE-2023-225068.0.0 <= Bamboo Data Center & Server < 9.2.3、9.3.11
https://www.ibm.com/support/pages/node/7017032
13、Ivanti Endpoint Manager Mobile 路径遍历漏洞
CVE:CVE-2023-22508CVE-2023-22505CVE-2023-22506影响版本:CVE-2023-225087.19.8 <= Confluence Data Center & Server < 8.2.0CVE-2023-225058.0.0 <= Confluence Data Center & Server < 8.3.2、8.4.0CVE-2023-225068.0.0 <= Bamboo Data Center & Server < 9.2.3、9.3.12
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US
推荐阅读:
Ps:国内外安全热点分享,欢迎大家分享、转载,请保证文章的完整性。文章中出现敏感信息和侵权内容,请联系作者删除信息。信息安全任重道远,感谢您的支持!!!
本公众号的文章及工具仅提供学习参考,由于传播、利用此文档提供的信息而造成任何直接或间接的后果及损害,均由使用者本人负责,本公众号及文章作者不为此承担任何责任。
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...