A security researcher at Trend Micro Zero Day Initiative discovered a vulnerability in the Progress Telerik Report Server. CVE-2024-4358 is a critical severity vulnerability allowing an unauthenticated, remote attacker to bypass security restrictions and gain access to Telerik Report server-restricted functionality.
Check Point Security Gateways Information Disclosure Vulnerability Exploited in the Wild (CVE-2024-24919)
Check Point warned its customers of a vulnerability impacting its Network Security gateway products. The vulnerability, tracked as CVE-2024-24919, is being exploited in the wild. Successful exploitation of the vulnerability may allow an attacker to read specific information on Internet-connected Gateways with remote access VPN or mobile access enabled. CISA acknowledged the active exploitation of …
Fluent Bit Memory Corruption Vulnerability (CVE-2024-4323)
Fluent Bit, a widespread logging and metrics utility, is vulnerable to a memory corruption flaw tracked as CVE-2024-4323. Successful exploitation of the vulnerability may lead to denial of service, information disclosure, or, in extreme cases, remote code execution. The vulnerability has a critical severity rating and a CVSS score of 9.8.
Google Chrome Zero-day Vulnerability, Eighth this year (CVE-2024-5274)
Another vulnerability in Chrome is being exploited in the wild. Tracked as CVE-2024-5274, this is a type confusion vulnerability in the V8 JavaScript engine. Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security discovered and reported the vulnerability. CISA acknowledged the active exploitation of CVE-2024-5274 by adding it to its Known …
Ivanti Patches Multiple Vulnerabilities Impacting Endpoint Manager (EPM)
Ivanti released a security advisory to address ten vulnerabilities in its Endpoint Manager. The vulnerabilities are rated critical and high severity. On successful exploitation, an attacker with access to the internal network can execute arbitrary SQL queries and retrieve output without needing authentication. This can then allow the attacker control over machines running the …
Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2024-29849)
Veeam released a security advisory to address four vulnerabilities of different severity ratings. All the vulnerabilities impact Veeam Backup and Replication. One of the four vulnerabilities, CVE-2024-29849, is rated as critical with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an unauthenticated attacker to log in to the Veeam Backup Enterprise …
Atlassian SQL Injection Vulnerability Impacts Jira and Confluence (CVE-2024-1597)
Atlassian released a security advisory to address a critical severity vulnerability impacting its popular products, Jira and Confluence. Tracked as CVE-2024-1597, the vulnerability has a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an unauthenticated attacker to expose assets in the environment. The org.postgresql:postgresql dependency vulnerability is only exploited when the instance …
GitHub Enterprise Server Authentication Bypass Vulnerability (CVE-2024-4985)
A critical flaw with the maximum severity rating has been discovered in the GitHub Enterprise Server (GHES). Tracked as CVE-2024-4985, the vulnerability may allow an attacker to access the vulnerable server without prior authentication.
Zabbix Server Audit Log Time-Based SQL Injection Vulnerability (CVE-2024-22120)
The Zabbix server is affected by an SQL injection vulnerability, tracked as CVE-2024-22120. The vulnerability has been given a critical severity rating with a CVSS score of 9.1. Successful exploitation of the vulnerability may allow a remote authenticated attacker to execute arbitrary SQL queries, allowing the threat actors to dump the database, escalate privileges to admin, …
Another Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4947)
Google released a security advisory for the second time this week to address a vulnerability known to be exploited in the wild. In this update, Google addressed nine security vulnerabilities, one of which (CVE-2024-4947) is actively exploited.