Apple has released patches to address multiple vulnerabilities impacting popular products, including iOS and iPadOS. Two of the vulnerabilities, CVE-2024-23225 and CVE-2024-23296, were reportedly exploited in attacks against iOS and macOS. Apple mentioned in the advisory that it is aware of the exploitation of the vulnerabilities.
Author: Diksha Ojha
Progress OpenEdge Authentication Gateway and AdminServer Authentication Bypass Vulnerability (CVE-2024-1403)
Progress has released patches to address a security flaw that may cause unauthorized access on attempted logins. Tracked as CVE-2024-1403, the vulnerability impacts the OpenEdge Authentication Gateway and AdminServer. The vulnerability has been given a critical severity rating with a CVSS score of 9.8.
WordPress LiteSpeed Cache Plugin Cross Site Scripting (XSS) Vulnerability (CVE-2023-40000)
WordPress LiteSpeed Cache plugin is vulnerable to cross-site scripting vulnerability that may lead to privilege escalation. CVE-2023-40000 may allow an unauthenticated user to steal sensitive information and elevate their privilege on the WordPress site by performing a single HTTP request.
VMware Arbitrary Authentication Relay and Session Hijack Vulnerabilities Impacting Deprecated Enhanced Authentication Plug-in (EAP) (CVE-2024-22245 & CVE-2024-22250)
VMware has requested the users to uninstall a deprecated Enhanced Authentication Plug-in (EAP) in response to two vulnerabilities. Tracked as CVE-202402245 and CVE-2024-22250, the vulnerabilities have critical and important severity ratings, respectively. VMware announced the deprecation of the EAP in 2021 with the release of vCenter Server 7.0u2.
SolarWinds Access Rights Manager (ARM) Multiple Vulnerabilities Allows Remote Code Execution
Security researchers at Trend Micro Zero Day Initiative discovered multiple vulnerabilities impacting SolarWinds Access Rights Manager (ARM). Successful exploitation of the vulnerabilities may allow the attackers to perform remote code execution on target systems. CVE-2024-23476, CVE-2024-23479, and CVE-2023-40057 are given critical severity ratings and CVSS scores of 9.6, 9.6, and 9.0, respectively. CVE-2024-23477 and CVE-2024-23478 … Continue reading “SolarWinds Access Rights Manager (ARM) Multiple Vulnerabilities Allows Remote Code Execution”
QNAP QTS OS Command Injection Vulnerabilities (CVE-2023-47218 & CVE-2023-50358)
Two OS command injection vulnerabilities impact the operating systems embedded in the firmware of QNAP’s popular network-attached storage (NAS) devices. Tracked as CVE-2023-47218 and CVE-2023-50358, the vulnerabilities may allow users to execute commands via a network. The vulnerabilities affect QNAP operating systems such as QTS, QuTS Hero, and QuTS Cloud. CVE-2023-47218 can be exploited by … Continue reading “QNAP QTS OS Command Injection Vulnerabilities (CVE-2023-47218 & CVE-2023-50358)”
Improper Input Validation vulnerability in Zoom Windows Apps (CVE-2024-24691)
Zoom addressed a vulnerability that impacts the Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. Tracked as CVE-2024-24691, the vulnerability has a critical severity with a CVSS score 9.6. The vulnerability may allow an unauthenticated user to escalate privilege with the help of network access.
Microsoft Patch Tuesday, February 2024 Security Update Review
The new Microsoft Patch Tuesday Edition for February 2024 is now live! We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday’s February 2024 edition addressed 79 vulnerabilities, including five critical and 66 important severity vulnerabilities. Microsoft has addressed two vulnerabilities known to be … Continue reading “Microsoft Patch Tuesday, February 2024 Security Update Review”
Critical Vulnerability in Shim Impacts Major Linux Distributors (CVE-2023-40547)
Shim is a crucial software most Linux distributions use in the boot process to support Secure Boot. At the start of the month, Bill Demirkapi of the Microsoft Security Response Center (MSRC) discovered a critical severity vulnerability impacting the software. Tracked as CVE-2023-40547, the vulnerability could lead to remote code execution, crash, denial of service, and exposure of … Continue reading “Critical Vulnerability in Shim Impacts Major Linux Distributors (CVE-2023-40547)”
Ivanti Connect Secure and Ivanti Policy Secure XML External Entity (XXE) Vulnerability (CVE-2024-22024)
Ivanti has warned users to patch an XML external entity vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways. CVE-2024-22024 may allow an attacker to access certain restricted resources without authentication. Ivanti has mentioned in the advisory, “We have no evidence of this vulnerability being exploited in the wild as it was found during our internal review … Continue reading “Ivanti Connect Secure and Ivanti Policy Secure XML External Entity (XXE) Vulnerability (CVE-2024-22024)”