NVD disclosure day

Published threat advisories for October 10, 2023

CVE advisory | Known Exploit

CVE-2023-41763

Microsoft Skype for Business Privilege Escalation Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Microsoft Skype for Business Server could allow an attacker to gain elevated privileges. This impacts organizations using the server software, potentially leading to unauthorized access or system disruption. The business risk involves unauthorized control over affected systems.

• CISA KEV

CVE advisory | Known Exploit

CVE-2023-36584

Microsoft Windows Security Bypass Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Windows' Mark of the Web security feature allows attackers to bypass warnings, potentially leading to a limited loss of integrity and availability. This impacts organizations using affected Windows systems and poses a risk if users interact with specially crafted files. Mitigation is recommended.

• CISA KEV

CVE advisory | Known Exploit

CVE-2023-36563

Microsoft WordPad Information Disclosure Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Microsoft WordPad has an information disclosure vulnerability. Affected systems could allow attackers to access sensitive data if a specially crafted file is opened by a user. This presents a risk to organizational data confidentiality. Organizations should apply vendor updates to mitigate this risk.

• CISA KEV

CVE advisory | Known Exploit

CVE-2023-4966

Citrix NetScaler Gateway Information Disclosure

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

The NetScaler ADC and NetScaler Gateway are affected by a vulnerability enabling sensitive information disclosure. This matters because unauthorized access to confidential data can occur when these systems are configured as Gateways. The business risk involves potential exposure of organizational data.

• CISA KEV