NATO Cyber Security Centre researchers have discovered a critical severity vulnerability impacting the Ivanti Standalone Sentry. Tracked as CVE-2023-41724 is given a CVSS score of 9.6. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary commands.
FortiClient Endpoint Management Server (EMS) SQL Injection Vulnerability (CVE-2023-48788)
Fortinet addressed a critical severity vulnerability impacting the FortiClient Enterprise Management Server. Tracked as CVE-2023-48788, the vulnerability may allow an attacker to achieve code execution on affected systems. The vulnerability has been given a CVSS score of 9.3.
FortiOS & FortiProxy Out-of-bounds Write Vulnerability in Captive Portal (CVE-2023-42789 & CVE-2023-42790)
Fortinet has released a patch to address two vulnerabilities impacting FortiOS and FortiProxy. Tracked as CVE-2023-42789 & CVE-2023-42790, the vulnerabilities are given a critical severity rating with a CVSS score of 9.3. Successful exploitation of the vulnerabilities may allow an attacker to execute unauthorized code.
Microsoft Patch Tuesday, March 2024 Security Update Review
Welcome to another insightful dive into Microsoft’s Patch Tuesday! This month’s security updates address many CVEs, underscoring the ongoing battle against digital vulnerabilities. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday’s March 2024 edition addressed 64 vulnerabilities, including two critical and 58 … Continue reading “Microsoft Patch Tuesday, March 2024 Security Update Review”
QNAP Patches Critical Vulnerabilities Impacting NAS Devices (CVE-2024-21899, CVE-2024-21900, & CVE-2024-21901)
Multiple NAS devices, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, are vulnerable to three critical severity flaws. Tracked as CVE-2024-21899, CVE-2024-21900, & CVE-2024-21901, the vulnerabilities could allow authenticated administrators to inject malicious code via a network that compromises the system’s security.
Attackers Exploited Vulnerabilities in Attacks Against iOS and macOS (CVE-2024-23225 & CVE-2024-23296)
Apple has released patches to address multiple vulnerabilities impacting popular products, including iOS and iPadOS. Two of the vulnerabilities, CVE-2024-23225 and CVE-2024-23296, were reportedly exploited in attacks against iOS and macOS. Apple mentioned in the advisory that it is aware of the exploitation of the vulnerabilities.
Progress OpenEdge Authentication Gateway and AdminServer Authentication Bypass Vulnerability (CVE-2024-1403)
Progress has released patches to address a security flaw that may cause unauthorized access on attempted logins. Tracked as CVE-2024-1403, the vulnerability impacts the OpenEdge Authentication Gateway and AdminServer. The vulnerability has been given a critical severity rating with a CVSS score of 9.8.
WordPress LiteSpeed Cache Plugin Cross Site Scripting (XSS) Vulnerability (CVE-2023-40000)
WordPress LiteSpeed Cache plugin is vulnerable to cross-site scripting vulnerability that may lead to privilege escalation. CVE-2023-40000 may allow an unauthenticated user to steal sensitive information and elevate their privilege on the WordPress site by performing a single HTTP request.
VMware Arbitrary Authentication Relay and Session Hijack Vulnerabilities Impacting Deprecated Enhanced Authentication Plug-in (EAP) (CVE-2024-22245 & CVE-2024-22250)
VMware has requested the users to uninstall a deprecated Enhanced Authentication Plug-in (EAP) in response to two vulnerabilities. Tracked as CVE-202402245 and CVE-2024-22250, the vulnerabilities have critical and important severity ratings, respectively. VMware announced the deprecation of the EAP in 2021 with the release of vCenter Server 7.0u2.
Critical ConnectWise ScreenConnect Flaws Patched: Urgent Update Advised
Two vulnerabilities have been identified in ConnectWise’s ScreenConnect software, which is extensively utilized by Managed Service Providers (MSPs) for remote access. These vulnerabilities, CVE-2024-1708, which allows for authentication bypass, and CVE-2024-1709, which enables path traversal, began to be exploited shortly after their disclosure. Rated with a severity score of 10 on the CVSS due to … Continue reading “Critical ConnectWise ScreenConnect Flaws Patched: Urgent Update Advised”