CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack

By: Newsroom — January 10^th 2024 at 04:50

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.

The Hacker News

Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks

By: THN — September 7^th 2023 at 11:02

Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset’s metadata database. Outside of these

The Hacker News

Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks

By: Ravie Lakshmanan — April 26^th 2023 at 09:29

The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access

FreshRSS

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack

Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks

Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks