SolarWinds Access Rights Manager (ARM) Multiple Vulnerabilities Allows Remote Code Execution

Security researchers at Trend Micro Zero Day Initiative discovered multiple vulnerabilities impacting SolarWinds Access Rights Manager (ARM). Successful exploitation of the vulnerabilities may allow the attackers to perform remote code execution on target systems. CVE-2024-23476, CVE-2024-23479, and CVE-2023-40057 are given critical severity ratings and CVSS scores of 9.6, 9.6, and 9.0, respectively. CVE-2024-23477 and CVE-2024-23478 … Continue reading “SolarWinds Access Rights Manager (ARM) Multiple Vulnerabilities Allows Remote Code Execution”

Critical Vulnerability in Shim Impacts Major Linux Distributors (CVE-2023-40547)

Shim is a crucial software most Linux distributions use in the boot process to support Secure Boot. At the start of the month, Bill Demirkapi of the Microsoft Security Response Center (MSRC) discovered a critical severity vulnerability impacting the software. Tracked as CVE-2023-40547, the vulnerability could lead to remote code execution, crash, denial of service, and exposure of … Continue reading “Critical Vulnerability in Shim Impacts Major Linux Distributors (CVE-2023-40547)”

Jenkins Core Remote Code Execution Vulnerability (CVE-2024-23897)

Jenkins has addressed a critical severity vulnerability (CVE-2024-23897) affecting Jenkins Core. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution on target systems. The vulnerability is being exploited in the wild. Many threat researchers have released the PoC for the vulnerability.

Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2024-0252)

Zoho addressed a vulnerability in the ManageEngine ADSelfService Plus, CVE-2024-0252. The vulnerability is given a critical severity and a CVSS score of 9.9. The vulnerability may allow an authenticated attacker to perform remote code execution on the system with ADSelfService Plus installed. The vulnerability exists in the load balancer component of ADSelfService Plus. Zoho stated … Continue reading “Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2024-0252)”

Evernote Remote Code Execution Vulnerability (CVE-2023-50643)

Evernote is vulnerable to a flaw that can lead to remote code execution on successful exploitation. Tracked as CVE-2023-50643, the vulnerability has a critical severity rating and a CVSS score of 9.8. On successful exploitation, a remote attacker may execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.

Atlassian Confluence Data Center and Server Remote Code Execution Vulnerability (CVE-2023-22527)

Atlassian Confluence Data Center and Server is vulnerable to a critical severity vulnerability, tracked as CVE-2023-22527. The vulnerability has a maximum CVSS score of 10. Successful exploitation of the vulnerability may lead to remote code execution. Petrus Viet discovered the vulnerability and reported it to Atlassian through their Bug Bounty program. It is important to … Continue reading “Atlassian Confluence Data Center and Server Remote Code Execution Vulnerability (CVE-2023-22527)”

WordPress Backup Migration Plugin Remote Code Execution Vulnerability (CVE-2023-6553)

WordPress has released security updates to address a critical severity vulnerability Backup Migration Plugin. Tracked as CVE-2023-6553, the vulnerability may allow unauthenticated attackers to inject arbitrary PHP code, resulting in an entire site compromise. The vulnerability has been given a CVSS score of 9.8. The Nex Team has discovered the vulnerability and reported it to WordPress … Continue reading “WordPress Backup Migration Plugin Remote Code Execution Vulnerability (CVE-2023-6553)”

Apache Struts2 Remote Code Execution Vulnerability (CVE-2023-50164)

Apache Struts, an open-source Model-View-Controller (MVC) framework, is vulnerable to a critical vulnerability that may lead to remote code execution. Tracked as CVE-2023-50164, the vulnerability has been addressed with security updates released by Apache.