Google Patches Actively Exploited Zero-day Vulnerability Impacting Chrome Browser (CVE-2024-0519)
Google has released security updates to address four vulnerabilities impacting Chrome. One of the four, CVE-2024-0519, is exploited in the wild. The vulnerability was reported to Google anonymously. CVE-2024-0519 is the first zero-day vulnerability addressed by Google this year. It is a high-severity out-of-bounds memory access vulnerability in the V8 JavaScript and WebAssembly engine. …
Citrix NetScaler ADC and NetScaler Gateway Vulnerabilities Exploited in the Wild (CVE-2023-6548 and CVE-2023-6549)
CVE-2023-6548 and CVE-2023-6549 are two vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway. On successful exploitation, the vulnerabilities may result in remote code execution and denial of service. Citrix mentioned in the advisory that it has observed exploitation attempts against vulnerable appliances. Citrix stated in the advisory, “This bulletin only applies to …
WordPress Patches Multiple Vulnerabilities in POST SMTP Mailer Plugin (CVE-2023-6875 & CVE-2023-7027)
The WordPress POST SMTP Mailer plugin, a widely used email delivery tool, is vulnerable to two flaws that may allow an attacker to take complete control of a site’s authentication. Tracked as CVE-2023-6875 and CVE-2023-7027, the vulnerabilities have been given critical and high severity ratings, respectively. Last month, Ulyses Saicha and Sean Murphy discovered and reported these …
Juniper Network Operating System (Junos OS) J-Web Out-of-bounds Write Vulnerability (CVE-2024-21591)
Junos OS on Juniper SRX Series and EX Series devices is vulnerable to an out-of-bounds write. Tracked as CVE-2024-21591, the vulnerability has a critical severity rating and a CVSS score of 9.8. Successful exploitation may allow an attacker to create a denial-of-service condition. The vulnerability arises from an insecure function that …
GitLab EE/CE Account-Take-Over Vulnerability (CVE-2023-7028)
GitLab has released patches to address multiple vulnerabilities in both the Community and Enterprise Editions. CVE-2023-7028 has been given a critical severity rating and the maximum CVSS score of 10. Successful exploitation may allow an attacker to take control of a GitLab administrator account without user interaction. Another vulnerability rated critical with …
Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)
The security research team at Volexity identified active exploitation of two vulnerabilities (CVE-2023-46805 & CVE-2024-21887) impacting Ivanti Connect Secure VPN devices. When chained together, the vulnerabilities may allow attackers to send malicious requests and execute arbitrary commands on a targeted system. According to the research, a Chinese nation-state-level threat actor has exploited the vulnerabilities. …
Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability (CVE-2024-20272)
Cisco has released a patch to address an arbitrary file upload vulnerability tracked as CVE-2024-20272. Successful exploitation could allow an attacker to store malicious files on the system and execute arbitrary commands on the underlying operating system.
Microsoft Patch Tuesday, January 2024 Security Update Review
The first edition of Microsoft Patch Tuesday for 2024 is now live. Microsoft has released fewer security fixes than usual in this month’s update. We invite you to join us to review and discuss the details of these security updates and patches. The January 2024 edition of Microsoft Patch Tuesday addressed 53 vulnerabilities, including two critical …
Ivanti Patches Critical SQL Injection Vulnerability in Endpoint Manager (CVE-2023-39336)
A SQL injection vulnerability has been discovered in Ivanti Endpoint Manager. Tracked as CVE-2023-39336, the vulnerability has been given a critical severity rating with a CVSS score of 9.6. Successful exploitation may allow an attacker to execute arbitrary SQL queries and retrieve their output without authentication.
Microsoft Addresses Windows AppX Installer Spoofing Vulnerability Reappeared in Exploitation (CVE-2021-43890)
Microsoft has updated the advisory for a two-year-old spoofing vulnerability in Windows AppX Installer, tracked as CVE-2021-43890, in response to reports of an increase in exploitation attempts. Threat actors exploit the vulnerability using social engineering and phishing techniques to target Windows users and abuse the ms-appinstaller URI …