The English, American, Canadian, Australian and New Zealand security agencies, the Five Eyes, have published their list of the 15 most significant vulnerabilities of 2023. A small selection:
1. Vulnerability in Citrix NetScaler ADC Gateway: unauthorized authentication and buffer overflow. CVE-2023-3519
2. Fortinet FortiOS and FortiProxy SSL-VPN vulnerability: remote access with execution of unauthorized code or commands. CVE-2023-27997
3. Vulnerability in Atlassian Confluence Data Center and Server: improper input validation, with the possibility of injecting unauthorized HTTP parameters, modifying Java code at runtime, and creating an unauthorized administrator. CVE-2023-22515
4. Log4Shell: ah, the famous Log4j flaw! This vulnerability has shaken millions of businesses. Fixing it caused additional problems in the affected solutions. CVE-2021-44228
5. Flaw in Zoho ManageEngine and various solutions: unauthorized access, improper input validation. CVE-2022-47966
Looking at all the vulnerabilities on the list, the exploits are relatively classic: buffer overflows, code or command injection, and remote execution of unauthorized code.
Full list on the CISA website: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a