Microsoft Patch Tuesday, May 2024 Security Update Review

Microsoft has released its May edition of Patch Tuesday. Let’s take a deep dive into the crucial insights from Microsoft’s Patch Tuesday updates for May 2024. Microsoft Patch Tuesday’s May 2024 edition addressed 67 vulnerabilities, including one critical and 59 important severity vulnerabilities. In this month’s security updates, Microsoft has addressed two zero-day vulnerabilities known …

Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4761)

Google has released updates to address an actively exploited vulnerability in the Chrome browser. Google has given the vulnerability, tracked as CVE-2024-4761, a high severity rating. The out-of-bounds write vulnerability impacts the V8 JavaScript engine. The engine executes JS code in the application.

Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4671)

Google has released updates to address an actively exploited vulnerability in the Chrome browser. Google has given the vulnerability, tracked as CVE-2024-4671, a high severity rating. The use-after-free vulnerability exists in the Visuals component. In the advisory, Google mentioned that it is aware of the active exploitation of the vulnerability.

F5 BIG-IP Next Central Manager Multiple Vulnerabilities (CVE-2024-21793 & CVE-2024-26026)

F5 BIG-IP Central Manager is vulnerable to two remotely exploitable security flaws, CVE-2024-21793 & CVE-2024-26026. Successful exploitation of the vulnerabilities may allow attackers to gain complete administrative control of the device and subsequently create accounts on any F5 assets managed by the Next Central Manager.

Tinyproxy HTTP Connection Headers Use After Free Vulnerability (CVE-2023-49606)

A significant unpatched vulnerability in the HTTP/HTTPS proxy tool exposes more than 50,000 Tinyproxy service hosts on the internet. Tracked as CVE-2023-49606, the vulnerability has a critical severity rating with a CVSS score of 9.8. This is a use-after-free vulnerability in the HTTP Connection Headers parsing in Tinyproxy. A specially crafted HTTP header can trigger the …

HPE Aruba Networking Patches Critical Vulnerabilities Impacting ArubaOS (CVE-2024-26304, CVE-2024-26305, CVE-2024-33511, & CVE-2024-33512)

Aruba Networking has released security updates to address ten critical and medium severity vulnerabilities in ArubaOS. Four vulnerabilities have been rated critical with a CVSSv3 score of 9.8: CVE-2024-26304, CVE-2024-26305, CVE-2024-33511, and CVE-2024-33512. Successful exploitation of these vulnerabilities may lead to remote code execution.

Progress Flowmon OS Command Injection Vulnerability (CVE-2024-2389)

Progress released a patch to address a critical severity vulnerability in Flowmon. Tracked as CVE-2024-2389, the vulnerability is given a CVSS base score of 10. Successful exploitation of the vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on a targeted system.

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Vulnerabilities Exploited in the Wild (CVE-2024-20353 & CVE-2024-20359)

Cisco released software updates to address two actively exploited vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software (CVE-2024-20353 & CVE-2024-20359). Successful exploitation of the vulnerabilities may result in remote code execution and denial of service (DoS) conditions. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, acknowledging …

Ivanti Patches Multiple Vulnerabilities Impacting Avalanche Mobile Device Management Solution (CVE-2024-24996 & CVE-2024-29204)

Ivanti released a security advisory to address 27 medium, high, and critical severity vulnerabilities in its mobile device management solution Avalanche. CVE-2024-24996 and CVE-2024-29204 are the two vulnerabilities that have been given critical severity ratings. Successful exploitation of the vulnerabilities may allow remote attackers to trigger denial-of-service attacks, execute arbitrary commands as SYSTEM, read sensitive …

Oracle Patch Update, April 2024 Security Update Review

Oracle released its second quarterly edition of Critical Patch Update, which contains patches for 441 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In the second quarterly Oracle Critical Patch Update, Oracle Communications received …