SolarWinds Web Help Desk (WHD) Java Deserialization Vulnerability (CVE-2024-28986)

SolarWinds Web Help Desk has been identified as vulnerable to a Java Deserialization Remote Code Execution vulnerability, which was tracked as CVE-2024-28986. The vulnerability has been given a critical severity rating and a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to execute commands on target systems. The advisory states that … Continue reading “SolarWinds Web Help Desk (WHD) Java Deserialization Vulnerability (CVE-2024-28986)”

Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability (CVE-2024-7593)

Ivanti released an advisory to address a critical severity vulnerability impacting Ivanti Virtual Traffic Manager. Tracked as CVE-2024-7593, the vulnerability has a CVSS score of 9.8. A remote, unauthenticated attacker may bypass authentication and create administrative users on successful exploitation. The vulnerability originates from an incorrect implementation of an authentication algorithm. Ivanti mentioned in the … Continue reading “Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability (CVE-2024-7593)”

Microsoft Patch Tuesday, August 2024 Security Update Review

Microsoft’s August Patch Tuesday updates are out, and they address a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications. Microsoft Patch’s Tuesday, August 2024 edition addressed 102 vulnerabilities, including nine critical and 77 important severity vulnerabilities. In this month’s updates, Microsoft has addressed six actively exploited vulnerabilities, along … Continue reading “Microsoft Patch Tuesday, August 2024 Security Update Review”

Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)

Apache OFBiz is vulnerable to a pre-authentication flaw that can lead to remote code execution. Tracked as CVE-2024-38856, the vulnerability has a critical severity rating with a CVSS score of 9.8. SonicWall has discovered and reported the vulnerability to Apache. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code remotely, leading … Continue reading “Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)”

Acronis Cyber Infrastructure Critical Vulnerability Exploited in the Wild (CVE-2023-45249)

An authentication bypass vulnerability in the Acronis Cyber Infrastructure is being exploited in the wild. Tracked as CVE-2023-45249, this vulnerability has a critical severity rating and a CVSS score of 9.8. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on vulnerable systems. An attacker may exploit the vulnerability … Continue reading “Acronis Cyber Infrastructure Critical Vulnerability Exploited in the Wild (CVE-2023-45249)”

Progress Telerik Report Server Insecure Deserialization Vulnerability (CVE-2024-6327)

Progress addressed a critical severity vulnerability impacting the Telerik Report Server. Tracked as CVE-2024-6327, the vulnerability has a CVSS score of 9.9. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to complete system compromise. The vulnerability originates from an insecure deserialization flaw.

WordPress Redux Framework Plugin: Unauthenticated JSON File Upload Vulnerability (CVE-2024-6828)

The Redux Framework plugin is a powerful and extensible options framework for WordPress that allows developers to create custom themes and plugins with an intuitive user interface for settings and configurations. On July 22th, 2024, a high security vulnerability was discovered in the Redux Framework plugin for WordPress, marked as CVE-2024-6828. The plugins have more than … Continue reading “WordPress Redux Framework Plugin: Unauthenticated JSON File Upload Vulnerability (CVE-2024-6828)”

Oracle Critical Patch Update, July 2024 Security Update Review

Oracle released its third quarterly edition of Critical Patch Update, which contains patches for 386 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In the third quarterly Oracle Critical Patch Update, Oracle Communications received … Continue reading “Oracle Critical Patch Update, July 2024 Security Update Review”