Oracle Patch Update, January 2024 Security Update Review

Oracle has released the first quarterly edition of its Critical Patch Update for 2024, which contains patches for 389 security vulnerabilities. Some of the vulnerabilities addressed in this update affect more than one product. The patches cover a wide range of product families, including Oracle code and third-party components bundled with Oracle products. In the first …

Atlassian Confluence Data Center and Server Remote Code Execution Vulnerability (CVE-2023-22527)

Atlassian Confluence Data Center and Server is affected by a critical-severity vulnerability tracked as CVE-2023-22527. The vulnerability has the maximum CVSS score of 10. Successful exploitation may lead to remote code execution. Petrus Viet discovered the vulnerability and reported it to Atlassian through their bug bounty program. It is important to …

Google Patches Actively Exploited Zero-day Vulnerability Impacting Chrome Browser (CVE-2024-0519)

Google has released security updates to address four vulnerabilities affecting Chrome. One of the four, CVE-2024-0519, is being exploited in the wild. The vulnerability was reported to Google anonymously. CVE-2024-0519 is the first zero-day vulnerability Google has addressed this year. It is a high-severity out-of-bounds memory access vulnerability in the V8 JavaScript and WebAssembly engine. …

Citrix NetScaler ADC and NetScaler Gateway Vulnerabilities Exploited in the Wild (CVE-2023-6548 and CVE-2023-6549)

CVE-2023-6548 and CVE-2023-6549 are two vulnerabilities affecting Citrix NetScaler ADC and NetScaler Gateway. On successful exploitation, they may result in remote code execution and denial of service. Citrix mentioned in the advisory that it has observed exploitation attempts against vulnerable appliances. Citrix stated in the advisory, “This bulletin only applies to …

WordPress Patches Multiple Vulnerabilities in POST SMTP Mailer Plugin (CVE-2023-6875 & CVE-2023-7027)

The POST SMTP Mailer plugin for WordPress, a widely used email delivery tool, is vulnerable to two flaws that may allow an attacker to take complete control of a site’s authentication. Tracked as CVE-2023-6875 and CVE-2023-7027, the vulnerabilities have been given critical and high severity ratings, respectively. Last month, Ulyses Saicha and Sean Murphy discovered and reported these …

Juniper Network Operating System (Junos OS) J-Web Out-of-bounds Write Vulnerability (CVE-2024-21591)

Juniper Networks SRX Series and EX Series devices running Junos OS are vulnerable to an out-of-bounds write vulnerability. Tracked as CVE-2024-21591, the vulnerability has a critical severity rating and a CVSS score of 9.8. Successful exploitation may allow an attacker to create a denial-of-service condition. The vulnerability arises from an insecure function that …

Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887)

The security research team at Volexity identified active exploitation of two vulnerabilities (CVE-2023-46805 and CVE-2024-21887) affecting Ivanti Connect Secure VPN devices. When chained together, the vulnerabilities may allow attackers to transmit malicious requests and execute arbitrary commands on a targeted system. According to the research, a Chinese nation-state-level threat actor has exploited the vulnerabilities. …

Microsoft Patch Tuesday, January 2024 Security Update Review

The first edition of Microsoft Patch Tuesday for 2024 is now live! Microsoft has released fewer security fixes than usual in this month’s update. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday’s January 2024 edition addressed 53 vulnerabilities, including two critical …