Zabbix Server Critical SQL Injection Vulnerability (CVE-2024-42327)

Zabbix server is vulnerable to a critical severity flaw tracked as CVE-2024-42327. The vulnerability has a CVSS score of 9.9. Successful exploitation of the vulnerability may allow attackers to escalate privileges and gain complete control of vulnerable Zabbix servers.

CISA Added Palo Alto Networks Firewall Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-0012 & CVE-2024-9474)

CISA warns about two vulnerabilities being actively exploited, tracked as CVE-2024-0012 and CVE-2024-9474. Both vulnerabilities exist in the PAN-OS web management interface. CISA urged users to patch the vulnerabilities before December 9, 2024. Palo Alto mentioned in the advisory that they know about threat activity that exploits this vulnerability against a limited number of management … Continue reading “CISA Added Palo Alto Networks Firewall Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-0012 & CVE-2024-9474)”

Broadcom Releases Patch for vCenter Server Multiple Vulnerabilities (CVE-2024-38812 & CVE-2024-38813)

VMware vCenter is vulnerable to two security vulnerabilities, tracked as CVE-2024-38812 & CVE-2024-38813. One vulnerability (CVE-2024-38812) has been given a critical severity rating that may allow an attacker to perform remote code execution. The second vulnerability (CVE-2024-38813) may result in privilege escalation.

Ivanti Releases Patch for Vulnerabilities Impacting Connect Secure and Policy Secure (CVE-2024-21888 & CVE-2024-21893)

Ivanti Connect Secure and Policy Secure are vulnerable to high-severity flaws (CVE-2024-21888 & CVE-2024-21893) that may lead to privilege escalation and arbitrary code execution on vulnerable systems. One of the flaws tracked as CVE-2024-21893 is being exploited in the wild. Ivanti mentioned in the advisory that they are aware of a few customers who have … Continue reading “Ivanti Releases Patch for Vulnerabilities Impacting Connect Secure and Policy Secure (CVE-2024-21888 & CVE-2024-21893)”

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability Exploited in the Wild (CVE-2023-20198)

Cisco is aware of the active exploitation of a privilege escalation vulnerability in Cisco IOS XE Software Web UI. Tracked as CVE-2023-20198, the vulnerability may allow a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. An attacker may use the compromised account to gain control of the … Continue reading “Cisco IOS XE Software Web UI Privilege Escalation Vulnerability Exploited in the Wild (CVE-2023-20198)”

Apple Addressed Two Zero-day Vulnerabilities Affecting iOS and iPadOS (CVE-2023-42824 & CVE-2023-5217)

Apple has released an emergency update to fix an actively exploited zero-day vulnerability. CVE-2023-42824 is a critical severity vulnerability affecting iPhones and iPads. A local attacker can exploit the vulnerability that exists in the XNU kernel to gain privileges. Apple has fixed the vulnerability with improved checks. Apple has mentioned in their advisories that they … Continue reading “Apple Addressed Two Zero-day Vulnerabilities Affecting iOS and iPadOS (CVE-2023-42824 & CVE-2023-5217)”

Atlassian Confluence Data Center and Confluence Server Privilege Escalation Vulnerability (CVE-2023-22515)

Atlassian Confluence Data Center and Server are vulnerable to a privilege escalation vulnerability. CVE-2023-22515 is a critical severity vulnerability with a CVSS score of 10. A remote attacker may exploit the vulnerability in a low-complexity attack without user interaction. Successful exploitation of the vulnerability may allow attackers to create unauthorized Confluence administrator accounts and access … Continue reading “Atlassian Confluence Data Center and Confluence Server Privilege Escalation Vulnerability (CVE-2023-22515)”

Citrix Application Delivery Controller (ADC) and Citrix Gateway Multiple Vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467)

A new critical severity vulnerability (CVE-2023-3519) in the NetScaler ADC and NetScaler Gateway is being exploited in the wild. CVE-2023-3519 may allow an unauthenticated attacker to perform remote code execution on the target system. The advisory addressed two more vulnerabilities: CVE-2023-3466 CVE-2023-3467 Wouter Rijkbost and Jorren Geurts of Resillion have discovered the vulnerabilities addressed in … Continue reading “Citrix Application Delivery Controller (ADC) and Citrix Gateway Multiple Vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467)”

WordPress Plugin Ultimate Member Unauthenticated Privilege Escalation Vulnerability (CVE-2023-3460)

WordPress Ultimate Member plugin is vulnerable to a privilege escalation vulnerability that is being exploited in the wild. CVE-2023-3460 has been rated as critical with a CVSS base score of 9.8. The proof of concept for the vulnerability will be released on August 1st, 2023. Ultimate Member is a user profile and membership plugin for … Continue reading “WordPress Plugin Ultimate Member Unauthenticated Privilege Escalation Vulnerability (CVE-2023-3460)”

MOVEit Transfer Privilege Escalation and Potential Unauthorized Access Vulnerability (CVE-2023-35708)

Progress has discovered a privilege escalation vulnerability in the MOVEit Transfer web application (CVE-2023-35708). On successful exploitation, the vulnerability may allow an attacker to gain unauthorized access to the MOVEit Transfer database. There is no evidence to suggest that the vulnerability is being exploited in the wild. MOVEit Transfer is a managed file transfer (MFT) … Continue reading “MOVEit Transfer Privilege Escalation and Potential Unauthorized Access Vulnerability (CVE-2023-35708)”