Progress addressed a critical severity vulnerability impacting the Telerik Report Server. Tracked as CVE-2024-6327, the vulnerability has a CVSS score of 9.9. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to complete system compromise. The vulnerability originates from an insecure deserialization flaw.
Category: ThreatPROTECT
WordPress Redux Framework Plugin: Unauthenticated JSON File Upload Vulnerability (CVE-2024-6828)
The Redux Framework plugin is a powerful and extensible options framework for WordPress that allows developers to create custom themes and plugins with an intuitive user interface for settings and configurations. On July 22th, 2024, a high security vulnerability was discovered in the Redux Framework plugin for WordPress, marked as CVE-2024-6828. The plugins have more than … Continue reading “WordPress Redux Framework Plugin: Unauthenticated JSON File Upload Vulnerability (CVE-2024-6828)”
Cisco Secure Email Gateway Arbitrary File Write Vulnerability (CVE-2024-20401)
Cisco addressed a critical severity vulnerability in the Cisco Secure Email Gateway. Tracked as CVE-2024-20401, the vulnerability may allow an attacker to replace any file on the underlying file system.
Oracle Critical Patch Update, July 2024 Security Update Review
Oracle released its third quarterly edition of Critical Patch Update, which contains patches for 386 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In the third quarterly Oracle Critical Patch Update, Oracle Communications received … Continue reading “Oracle Critical Patch Update, July 2024 Security Update Review”
Apache HTTP Server Prior to 2.4.60 Multiple Security Vulnerabilities
The Apache HTTP Server is a free and open-source cross-platform web server software. Multiple vulnerabilities have been addressed in Apache HTTP Server version 2.4.60. These vulnerabilities affect versions prior to 2.4.59 and have been resolved in version 2.4.60.
GitLab Releases Patches to Address Multiple Vulnerabilities (CVE-2024-6385)
GitLab rolled out a series of patches to address six vulnerabilities in its software development platform, one of which is rated as critical. Tracked as CVE-2024-6385, the vulnerability is rated as critical with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow an attacker to run pipeline jobs as an arbitrary user.
Microsoft Patch Tuesday, July 2024 Security Update Review
July’s Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Let’s discover the highlights from Microsoft’s Patch Tuesday updates for July 2024. Microsoft Patch Tuesday’s July 2024 edition addressed 142 vulnerabilities, including five critical and 134 important severity vulnerabilities. In this month’s security updates, Microsoft has … Continue reading “Microsoft Patch Tuesday, July 2024 Security Update Review”
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2024-20399)
Cisco has released patches to address a zero-day vulnerability exploited in April. Tracked as CVE-2024-20399, the vulnerability impacts Cisco NX-OS Software. Successful exploitation of the vulnerability could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. Cybersecurity firm Sygnia reported the vulnerability to Cisco along with the information about … Continue reading “Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2024-20399)”
WordPress Plugins Injected Backdoor Vulnerability Impacts Multiple (CVE-2024-6297)
Multiple WordPress plugins are vulnerable to a critical severity vulnerability tracked as CVE-2024-6297. The vulnerability is given a CVSS score of 10. The vulnerability impacts 13 plugins. WordPress plugins hosted on WordPress.org have been hijacked, as malicious PHP scripts have been injected into them. As per the WordPress advisory, “A malicious threat actor compromised the … Continue reading “WordPress Plugins Injected Backdoor Vulnerability Impacts Multiple (CVE-2024-6297)”
Progress MOVEit Transfer Authentication Bypass Vulnerability (CVE-2024-5806)
Progress Software has released patches to address a critical severity vulnerability impacting MOVEit File Transfer. Tracked as CVE-2024-5806, the vulnerability has a CVSS score of 9.1. This is an improper authentication vulnerability that exists in the SFTP module of the MOVEit Transfer. Successful exploitation of the vulnerability may lead to an authentication bypass.
