HPE Aruba Networking Patches Critical Vulnerabilities Impacting ArubaOS (CVE-2024-26304, CVE-2024-26305, CVE-2024-33511, & CVE-2024-33512)

Aruba Networking has released security updates to address ten critical and medium severity vulnerabilities in ArubaOS. Four vulnerabilities have been rated critical with a CVSSv3 score of 9.8: CVE-2024-26304, CVE-2024-26305, CVE-2024-33511, and CVE-2024-33512. Successful exploitation of these vulnerabilities may lead to remote code execution.

Rust Standard Library Remote Code Execution Vulnerability (BatBadBut) (CVE-2024-24576)

The Rust standard library is vulnerable to a critical severity flaw that can be exploited on Windows targets. Tracked as CVE-2024-24576, the vulnerability has been given a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on a targeted Windows system. The vulnerability is being called BatBadBut.

Fortinet FortiClientLinux Remote Code Execution Vulnerability (CVE-2023-45590)

Fortinet FortiClientLinux is vulnerable to a critical severity flaw being tracked as CVE-2023-45590. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the affected systems. To exploit this improper code injection flaw, an attacker must trick a FortiClientLinux user into visiting a malicious website.

SolarWinds Access Rights Manager (ARM) Multiple Vulnerabilities Allows Remote Code Execution

Security researchers at Trend Micro Zero Day Initiative discovered multiple vulnerabilities impacting SolarWinds Access Rights Manager (ARM). Successful exploitation of the vulnerabilities may allow attackers to perform remote code execution on target systems. CVE-2024-23476, CVE-2024-23479, and CVE-2023-40057 are given critical severity ratings and CVSS scores of 9.6, 9.6, and 9.0, respectively. CVE-2024-23477 and CVE-2024-23478 …

Critical Vulnerability in Shim Impacts Major Linux Distributors (CVE-2023-40547)

Shim is a crucial piece of software that most Linux distributions use in the boot process to support Secure Boot. At the start of the month, Bill Demirkapi of the Microsoft Security Response Center (MSRC) discovered a critical severity vulnerability impacting the software. Tracked as CVE-2023-40547, the vulnerability could lead to remote code execution, crash, denial of service, and exposure of …

Jenkins Core Remote Code Execution Vulnerability (CVE-2024-23897)

Jenkins has addressed a critical severity vulnerability (CVE-2024-23897) affecting Jenkins Core. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution on target systems. The vulnerability is being exploited in the wild. Many threat researchers have released PoCs for the vulnerability.

Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2024-0252)

Zoho addressed a vulnerability in ManageEngine ADSelfService Plus, CVE-2024-0252. The vulnerability is given a critical severity rating and a CVSS score of 9.9. The vulnerability may allow an authenticated attacker to perform remote code execution on the system with ADSelfService Plus installed. The vulnerability exists in the load balancer component of ADSelfService Plus. Zoho stated …

Evernote Remote Code Execution Vulnerability (CVE-2023-50643)

Evernote is vulnerable to a flaw that can lead to remote code execution on successful exploitation. Tracked as CVE-2023-50643, the vulnerability has a critical severity rating and a CVSS score of 9.8. On successful exploitation, a remote attacker may execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments components.