Ivanti Neurons for ITSM is vulnerable to a critical flaw tracked as CVE-2024-46808. Successful exploitation of the vulnerability may allow an attacker to write files to sensitive directories.
Atlassian Bamboo Server and Data Center SQL Injection Vulnerability (CVE-2024-1597)
Atlassian released its Monthly Security Bulletin for March, which addressed 24 high-severity vulnerabilities and one critical-severity vulnerability (CVE-2024-1597). CVE-2024-1597 is a SQL injection vulnerability in the PostgreSQL JDBC driver (pgjdbc) dependency used by Atlassian Bamboo Server and Data Center. The vulnerability has been given a critical severity rating with a CVSS score of 10.0. Successful exploitation of the vulnerability may allow an …
Ivanti Patches Remote Code Execution Vulnerability in Standalone Sentry (CVE-2023-41724)
NATO Cyber Security Centre researchers discovered a critical-severity vulnerability impacting Ivanti Standalone Sentry. Tracked as CVE-2023-41724, the vulnerability has been given a CVSS score of 9.6. Successful exploitation may allow an unauthenticated attacker on the same physical or logical network to execute arbitrary commands on the underlying operating system of the appliance.
FortiClient Endpoint Management Server (EMS) SQL Injection Vulnerability (CVE-2023-48788)
Fortinet addressed a critical-severity SQL injection vulnerability impacting FortiClient Enterprise Management Server (EMS). Tracked as CVE-2023-48788 and given a CVSS score of 9.3, the vulnerability may allow an unauthenticated attacker to execute unauthorized code or commands on affected systems via specially crafted requests.
FortiOS & FortiProxy Out-of-bounds Write Vulnerability in Captive Portal (CVE-2023-42789 & CVE-2023-42790)
Fortinet has released patches to address two out-of-bounds write vulnerabilities in the captive portal of FortiOS and FortiProxy. Tracked as CVE-2023-42789 and CVE-2023-42790, the vulnerabilities have been given a critical severity rating with a CVSS score of 9.3. Successful exploitation may allow an attacker with access to the captive portal to execute unauthorized code or commands via specially crafted HTTP requests.
Microsoft Patch Tuesday, March 2024 Security Update Review
Welcome to another dive into Microsoft’s Patch Tuesday. This month’s security updates address many CVEs, underscoring the ongoing battle against digital vulnerabilities. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday’s March 2024 edition addressed 64 vulnerabilities, including two critical and 58 …
QNAP Patches Critical Vulnerabilities Impacting NAS Devices (CVE-2024-21899, CVE-2024-21900, & CVE-2024-21901)
Multiple QNAP operating systems and services, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, are affected by three critical-severity flaws: CVE-2024-21899, CVE-2024-21900, and CVE-2024-21901. CVE-2024-21899 is an improper authentication vulnerability that could allow an unauthenticated user to compromise the security of the system via a network; CVE-2024-21900 is a command injection vulnerability that could allow authenticated users to execute arbitrary commands via a network; and CVE-2024-21901 is a SQL injection vulnerability that could allow authenticated administrators to inject malicious code via a network.
Attackers Exploited Vulnerabilities in Attacks Against iOS and macOS (CVE-2024-23225 & CVE-2024-23296)
Apple has released patches to address multiple vulnerabilities impacting popular products, including iOS and iPadOS. Two of the vulnerabilities, CVE-2024-23225 (a memory corruption issue in the kernel) and CVE-2024-23296 (a memory corruption issue in RTKit), were reportedly exploited in attacks against iOS and macOS; both could allow an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. Apple stated in its advisory that it is aware of a report that these issues may have been exploited.
Progress OpenEdge Authentication Gateway and AdminServer Authentication Bypass Vulnerability (CVE-2024-1403)
Progress has released patches to address an authentication bypass flaw that may allow unauthorized access during login attempts. Tracked as CVE-2024-1403, the vulnerability impacts the OpenEdge Authentication Gateway and AdminServer. The vulnerability has been given a critical severity rating with a CVSS score of 9.8.
WordPress LiteSpeed Cache Plugin Cross Site Scripting (XSS) Vulnerability (CVE-2023-40000)
The WordPress LiteSpeed Cache plugin is vulnerable to a stored cross-site scripting (XSS) vulnerability that may lead to privilege escalation. Tracked as CVE-2023-40000, the flaw may allow an unauthenticated user to steal sensitive information and elevate their privileges on the WordPress site by sending a single crafted HTTP request.