Zyxel Patches Multiple Vulnerabilities in NAS Products

Zyxel has released patches to address five vulnerabilities in two NAS products that have reached end-of-vulnerability-support. Successful exploitation of the vulnerabilities may result in command injection and remote code execution. The vulnerabilities have been given medium and critical severity ratings. Timothy Hjort from Outpost24 has discovered and reported the vulnerabilities to Zyxel. The security researcher …

JetBrains Released Patches for Vulnerability Impacting IntelliJ IDEA (CVE-2024-37051)

JetBrains IntelliJ integrated development environment (IDE) apps are vulnerable to a critical security flaw tracked as CVE-2024-37051. The vulnerability may allow attackers to disclose GitHub access tokens to third-party sites. The vulnerability exists in the JetBrains IntelliJ-based IDEs that have the JetBrains GitHub plugin enabled and configured/in-use.

Microsoft Patch Tuesday, June 2024 Security Update Review

Microsoft’s June Patch Tuesday is here, bringing fixes for vulnerabilities impacting multiple Microsoft products. This month’s release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let’s dive into the crucial insights from Microsoft’s Patch Tuesday updates for June 2024. Microsoft Patch Tuesday’s June 2024 edition addressed 58 vulnerabilities, including one …

PHP CGI Argument Injection Vulnerability (CVE-2024-4577)

Security Researcher Orange Tsai recently discovered a critical argument injection vulnerability in PHP CGI that could allow attackers to execute arbitrary code without any authentication, leading to possible system compromise. The use of PHP CGI has faded over time; however, CVE-2024-4577 affects the default configuration of XAMPP. XAMPP is a popular software used by PHP …

Fortra Tripwire Enterprise Authentication Bypass Vulnerability (CVE-2024-4332)

Fortra released a security advisory to address a vulnerability impacting Tripwire Enterprise. Tracked as CVE-2024-4332, the vulnerability has been given a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability could allow remote attackers to gain privileged access to the APIs.

Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358)

A security researcher at Trend Micro Zero Day Initiative discovered a vulnerability in the Progress Telerik Report Server. CVE-2024-4358 is a critical severity vulnerability allowing an unauthenticated, remote attacker to bypass security restrictions and gain access to restricted Telerik Report Server functionality.

Check Point Security Gateways Information Disclosure Vulnerability Exploited in the Wild (CVE-2024-24919)

Check Point warned its customers of a vulnerability impacting its Network Security gateway products. The vulnerability, tracked as CVE-2024-24919, is being exploited in the wild. Successful exploitation of the vulnerability may allow an attacker to read specific information on Internet-connected Gateways with remote access VPN or mobile access enabled. CISA acknowledged the active exploitation of …

Fluent Bit Memory Corruption Vulnerability (CVE-2024-4323)

Fluent Bit, a widespread logging and metrics utility, is vulnerable to a memory corruption flaw tracked as CVE-2024-4323. Successful exploitation of the vulnerability may lead to denial of service, information disclosure, or, in extreme cases, remote code execution. The vulnerability has a critical severity rating and a CVSS score of 9.8.

Google Chrome Zero-day Vulnerability, Eighth this year (CVE-2024-5274)

Another vulnerability in Chrome is being exploited in the wild. Tracked as CVE-2024-5274, this is a type confusion vulnerability in the V8 JavaScript engine. Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security have discovered and reported the vulnerability. CISA acknowledged the active exploitation of CVE-2024-5274 by adding it to its Known …