Ivanti released an advisory to address a critical severity vulnerability impacting Ivanti Virtual Traffic Manager. Tracked as CVE-2024-7593, the vulnerability has a CVSS score of 9.8. A remote, unauthenticated attacker may bypass authentication and create administrative users on successful exploitation. The vulnerability originates from an incorrect implementation of an authentication algorithm. Ivanti mentioned in the … Continue reading “Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability (CVE-2024-7593)”
Microsoft Patch Tuesday, August 2024 Security Update Review
Microsoft’s August Patch Tuesday updates are out, and they address a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications. Microsoft Patch’s Tuesday, August 2024 edition addressed 102 vulnerabilities, including nine critical and 77 important severity vulnerabilities. In this month’s updates, Microsoft has addressed six actively exploited vulnerabilities, along … Continue reading “Microsoft Patch Tuesday, August 2024 Security Update Review”
Elasticsearch Kibana Arbitrary Code Execution Vulnerability (CVE-2024-37287)
Kibana, a data visualization tool, released a patch to address a critical severity flaw that may allow an attacker to perform arbitrary code execution on target systems. Tracked as CVE-2024-37287, the vulnerability has a CVSS score of 9.9.
Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)
Apache OFBiz is vulnerable to a pre-authentication flaw that can lead to remote code execution. Tracked as CVE-2024-38856, the vulnerability has a critical severity rating with a CVSS score of 9.8. SonicWall has discovered and reported the vulnerability to Apache. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code remotely, leading … Continue reading “Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)”
Acronis Cyber Infrastructure Critical Vulnerability Exploited in the Wild (CVE-2023-45249)
An authentication bypass vulnerability in the Acronis Cyber Infrastructure is being exploited in the wild. Tracked as CVE-2023-45249, this vulnerability has a critical severity rating and a CVSS score of 9.8. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on vulnerable systems. An attacker may exploit the vulnerability … Continue reading “Acronis Cyber Infrastructure Critical Vulnerability Exploited in the Wild (CVE-2023-45249)”
Progress Telerik Report Server Insecure Deserialization Vulnerability (CVE-2024-6327)
Progress addressed a critical severity vulnerability impacting the Telerik Report Server. Tracked as CVE-2024-6327, the vulnerability has a CVSS score of 9.9. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to complete system compromise. The vulnerability originates from an insecure deserialization flaw.
WordPress Redux Framework Plugin: Unauthenticated JSON File Upload Vulnerability (CVE-2024-6828)
The Redux Framework plugin is a powerful and extensible options framework for WordPress that allows developers to create custom themes and plugins with an intuitive user interface for settings and configurations. On July 22th, 2024, a high security vulnerability was discovered in the Redux Framework plugin for WordPress, marked as CVE-2024-6828. The plugins have more than … Continue reading “WordPress Redux Framework Plugin: Unauthenticated JSON File Upload Vulnerability (CVE-2024-6828)”
Cisco Secure Email Gateway Arbitrary File Write Vulnerability (CVE-2024-20401)
Cisco addressed a critical severity vulnerability in the Cisco Secure Email Gateway. Tracked as CVE-2024-20401, the vulnerability may allow an attacker to replace any file on the underlying file system.
Oracle Critical Patch Update, July 2024 Security Update Review
Oracle released its third quarterly edition of Critical Patch Update, which contains patches for 386 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In the third quarterly Oracle Critical Patch Update, Oracle Communications received … Continue reading “Oracle Critical Patch Update, July 2024 Security Update Review”
Apache HTTP Server Prior to 2.4.60 Multiple Security Vulnerabilities
The Apache HTTP Server is a free and open-source cross-platform web server software. Multiple vulnerabilities have been addressed in Apache HTTP Server version 2.4.60. These vulnerabilities affect versions prior to 2.4.59 and have been resolved in version 2.4.60.
