Fortinet warns about a new critical vulnerability in FortiOS SSL VPN that could be used in attacks. The flaw, known as CVE-2024-21762 / FG-IR-24-015, has a severity rating of 9.6. It is an out-of-bounds write vulnerability in FortiOS. This vulnerability enables unauthenticated attackers to execute remote code by using malicious …
Ivanti warns of a new actively exploited zero-day
Ivanti has issued a warning regarding two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions, identified as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (CVSS score: 8.2) respectively. Furthermore, the company has alerted that one of these vulnerabilities is actively being exploited in the wild. The vulnerability CVE-2024-21888 …
Juniper Networks Releases Urgent Junos OS Updates
Juniper Networks released updates to fix high-severity vulnerabilities in SRX Series and EX Series. These vulnerabilities could be exploited by attackers to gain control of vulnerable systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and impact all versions of Junos OS. There are vulnerabilities …
Pwn2Own
$1.3M for 49 zero-days, Tesla hacked twice
In the Pwn2Own Automotive first edition, competitors earned $1,323,750 by hacking Tesla twice and demonstrating 49 zero-day bugs in various electric car systems from January 24 to January 26. Hackers targeted electric vehicle chargers, infotainment systems, and car operating systems during a contest organized by Trend Micro’s Zero Day Initiative …
Critical RCE flaw detected in Cisco’s communication software
Cisco warns that some Unified Communications Manager and Contact Center Solutions products have a critical remote code execution security vulnerability. Cisco’s Unified Communications and Contact Center Solutions offer voice, video, and messaging services, as well as customer engagement and management. The company issued a security bulletin about a vulnerability (CVE-2024-20253) …
Oracle Releases Critical Patch Update Advisory for January 2024
Oracle released a security advisory for January 2024. It fixes vulnerabilities in various products that could be exploited by hackers to take control of a system. Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it …
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA found evidence of active exploitation for three new vulnerabilities, which have been added to their list of known exploited vulnerabilities. CVE-2023-6549: Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability. It describes Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway …
Patch now: Critical VMware, Atlassian flaws found
VMware and Atlassian disclosed critical vulnerabilities today. Even though there have been no reports of misuse, administrators should update their systems as soon as possible to prevent any issues. There are two problems reported by Atlassian. The most important one is CVE-2023-22527, which is a flaw in the template system …
Atlassian released advisory for CVE-2023-22527
On Tuesday (16 January), Atlassian released an advisory for CVE-2023-22527 – RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server. A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version. Customers using an affected version …
TrendMicro Research
CVE-2023-36025: Phemedrone Stealer exploits Windows SmartScreen flaw
Cybersecurity researchers at Trend Micro discovered an exploitation of CVE-2023-36025 leading to the spread of a new type of malware called Phemedrone Stealer. Phemedrone Stealer is a malware that targets web browsers, cryptocurrency wallets, and messaging apps like Telegram, Steam, and Discord. It not only steals data, but also takes …