Ivanti Patches Multiple Vulnerabilities Impacting Endpoint Manager (EPM)

Ivanti released a security advisory to address ten vulnerabilities in its Endpoint Manager. The vulnerabilities are rated critical and high severity. On successful exploitation, an attacker with access to the internal network can execute arbitrary SQL queries and retrieve output without needing authentication. This can then allow the attacker control over machines running the …

Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2024-29849)

Veeam released a security advisory to address four vulnerabilities of different severity ratings. All the vulnerabilities impact Veeam Backup and Replication. One of the four vulnerabilities, CVE-2024-29849, is rated as critical with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an unauthenticated attacker to log in to the Veeam Backup Enterprise …

Atlassian SQL Injection Vulnerability Impacts Jira and Confluence (CVE-2024-1597)

Atlassian released a security advisory to address a critical severity vulnerability impacting its popular products, Jira and Confluence. Tracked as CVE-2024-1597, the vulnerability has a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an unauthenticated attacker to expose assets in the environment. The org.postgresql:postgresql dependency vulnerability is only exploited when the instance …

Zabbix Server Audit Log Time-Based SQL Injection Vulnerability (CVE-2024-22120)

The Zabbix server is vulnerable to an SQL injection vulnerability, tracked as CVE-2024-22120. The vulnerability has been given a critical severity rating with a CVSS score of 9.1. Successful exploitation of the vulnerability may allow a remote authenticated attacker to execute arbitrary SQL queries, allowing the threat actors to dump the database, escalate privileges to admin, …

Another Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4947)

Google released a security advisory for the second time this week to address a vulnerability known to be exploited in the wild. In this update, Google addressed nine security vulnerabilities, one of which (CVE-2024-4947) is actively exploited.

VMware Patches Critical Vulnerabilities in Workstation and Fusion (CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, & CVE-2024-22270)

VMware has released a security advisory to address four vulnerabilities impacting VMware Workstation Pro / Player and VMware Fusion. The vulnerabilities are tracked as CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, and CVE-2024-22270. CVE-2024-22267, CVE-2024-22269, and CVE-2024-22270 were exploited in the Pwn2Own 2024 Security Contest.

Aruba Patches Multiple Critical Vulnerabilities in Aruba Access Points

HPE Aruba Networking has released a security advisory to address multiple vulnerabilities impacting Aruba Access Points running InstantOS and ArubaOS 10. The security advisory addressed 18 vulnerabilities, of which eight are rated as critical. All the critical severity vulnerabilities have been given a CVSS score of 9.8.

Microsoft Patch Tuesday, May 2024 Security Update Review

Microsoft has released its May edition of Patch Tuesday. Let’s take a deep dive into the crucial insights from Microsoft’s Patch Tuesday updates for May 2024. Microsoft Patch Tuesday’s May 2024 edition addressed 67 vulnerabilities, including one critical and 59 important severity vulnerabilities. In this month’s security updates, Microsoft has addressed two zero-day vulnerabilities known …

Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4761)

Google has released updates to address an actively exploited vulnerability in the Chrome browser. Google has given the vulnerability, tracked as CVE-2024-4761, a high severity rating. The out-of-bounds write vulnerability impacts the V8 JavaScript engine. The engine executes JS code in the application.