Security Advisories
-
2024-030: Critical Vulnerabilities in Ivanti Products
Thursday, March 21, 2024 10:19:02 AM CET
On March 20, 2024, Ivanti released fixes for two critical vulnerabilities affecting Ivanti Standalone Sentry and Ivanti Neurons for ITSM. According to Ivanti, there is no evidence of these vulnerabilities being exploited in the wild.
It is recommended to upgrade affected software as soon as possible.
-
2024-029: Vulnerabilities in Atlassian Products
Wednesday, March 20, 2024 01:48:33 PM CET
On March 19, 2024, Atlassian released a security advisory addressing 24 high and critical severity vulnerabilities, including a critical severity vulnerability in Bamboo Data Center and Server and a high severity vulnerability in Confluence Data Center and Server.
It is recommended to update affected products as soon as possible.
-
2024-028: Vulnerabilities in Fortinet Products
Thursday, March 14, 2024 05:49:32 PM CET
On March 12, 2024, Fortinet released fixes for three vulnerabilities affecting some of its products. The vulnerabilities could allow an unauthenticated attacker to execute unauthorised code or commands via specially crafted requests.
It is recommended to upgrade affected software as soon as possible.
-
2024-027: Critical Vulnerabilities in Microsoft Products
Wednesday, March 13, 2024 04:10:17 PM CET
On March 12, 2024, Microsoft addressed 60 vulnerabilities in its March 2024 Patch Tuesday update, including 18 remote code execution (RCE) vulnerabilities.
It is recommended to apply updates to affected products as soon as possible.
-
2024-026: Vulnerabilities in GitLab
Friday, March 08, 2024 10:11:28 AM CET
On March 6, 2024, GitLab released a security advisory addressing several vulnerabilities that could lead to a security policy bypass and a breach of data confidentiality.
-
2024-025: Zero-Day Vulnerabilities in Apple Products
Thursday, March 07, 2024 02:13:11 PM CET
On March 5, 2024, Apple released new product versions providing fixes for several vulnerabilities affecting iOS and iPadOS, including two zero-day vulnerabilities that have already been exploited in the wild.
It is recommended to update as soon as possible.
-
2024-024: Vulnerabilities in VMware Products
Thursday, March 07, 2024 02:12:18 PM CET
On March 5, 2024, VMware released fixes for four vulnerabilities affecting several VMware products. The most serious bugs could allow a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host.
It is recommended to upgrade affected software as soon as possible.
-
2024-023: Vulnerabilities in JetBrains TeamCity
Thursday, March 07, 2024 02:10:35 PM CET
On March 4, 2024, JetBrains released fixes for two vulnerabilities affecting the JetBrains TeamCity CI/CD server. Both are authentication bypass vulnerabilities. If exploited, the most severe one allows a remote unauthenticated attacker to completely compromise a vulnerable TeamCity server, including unauthenticated remote code execution (RCE).
It is advised to upgrade the software as soon as possible.
-
2024-022: Vulnerabilities in Adobe products
Thursday, February 29, 2024 06:47:18 PM CET
On February 13, 2024, Adobe released two security advisories addressing multiple high severity vulnerabilities in various Adobe products. If exploited, the vulnerabilities could allow an attacker to achieve remote arbitrary code execution, remote denial of service, remote code injection or disclosure of sensitive information.
-
2024-021: Vulnerabilities in Atlassian Products
Wednesday, February 21, 2024 05:24:33 PM CET
On February 20, 2024, Atlassian released a security advisory addressing a high severity vulnerability in Confluence Data Center and Confluence Server that, if exploited, could allow an authenticated attacker to execute arbitrary HTML or JavaScript code in a victim's browser. The security advisory also addresses 10 other high severity vulnerabilities which have been fixed in new versions of several Atlassian products.
-
2024-020: Critical Vulnerability in Zoom Products
Thursday, February 15, 2024 10:15:27 AM CET
On February 13, 2024, Zoom released a security advisory addressing one critical vulnerability. If exploited, this vulnerability allows an unauthenticated attacker with network access to escalate privileges on the target system.
It is recommended to apply updates as soon as possible.
-
2024-019: Critical Vulnerabilities in Microsoft Products
Wednesday, February 14, 2024 11:31:11 AM CET
On February 13, 2024, Microsoft released its February 2024 Patch Tuesday advisory, addressing 73 vulnerabilities, two of which are being exploited in the wild.
It is recommended to apply updates to affected products as soon as possible.
-
2024-018: Critical Vulnerabilities in FortiOS
Friday, February 09, 2024 09:56:16 AM CET
On February 9, 2024, Fortinet released an advisory regarding critical vulnerabilities affecting FortiOS that, if exploited, would allow a remote, unauthenticated attacker to execute code on the affected device.
One of the critical vulnerabilities is potentially being exploited in the wild. It is recommended to update as soon as possible.
-
2024-017: Critical Vulnerabilities in FortiSIEM
Tuesday, February 06, 2024 09:55:18 PM CET
In February 2024, Fortinet quietly updated a 2023 advisory, adding two critical flaws to the list of OS command injection vulnerabilities affecting its FortiSIEM product. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to execute commands on the system.
Updating as soon as possible is recommended.
-
2024-016: High Vulnerability in the runc package
Tuesday, February 06, 2024 09:24:54 PM CET
A high severity vulnerability has been identified in all versions of the runc package up to and including 1.1.11, affecting Docker, Kubernetes and other containerisation technologies. This vulnerability, tracked as "CVE-2024-21626" with a CVSS score of 8.6, allows an attacker to escape the container and potentially gain unauthorised access to the host operating system.
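As an added example that is not part of this advisory or of the runc project, the POSIX shell script below flags a runc version as affected when it falls inside the range the advisory gives (1.1.11 and earlier) and runs that check against the locally installed `runc` binary. It assumes that any release numerically newer than 1.1.11 is not affected; pre-release and build suffixes (such as "-rc1") are stripped before comparison, so such builds should be confirmed manually.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether a runc version is inside
# the range the CVE-2024-21626 advisory lists as affected (all versions up to
# and including 1.1.11). Assumption: anything numerically newer than 1.1.11 is
# treated as fixed; suffixes such as "-rc1" or "+dirty" are stripped first.

# runc_is_affected VERSION
#   exit 0 -> affected, 1 -> not in the affected range, 2 -> unparseable
runc_is_affected() {
    v=$(printf '%s' "$1" | sed 's/^v//; s/[-+].*$//')
    major=${v%%.*}
    rest=${v#*.}
    case "$rest" in *.*) ;; *) return 2 ;; esac   # need major.minor.patch
    minor=${rest%%.*}
    patch=${rest#*.}
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac  # digits only
    done
    # Compare (major, minor, patch) against (1, 1, 11), most significant first.
    if [ "$major" -lt 1 ]; then return 0; fi
    if [ "$major" -gt 1 ]; then return 1; fi
    if [ "$minor" -lt 1 ]; then return 0; fi
    if [ "$minor" -gt 1 ]; then return 1; fi
    [ "$patch" -le 11 ]
}

# runc_version_from_output OUTPUT
#   Extracts the version from `runc --version` output ("runc version 1.1.11 ...").
runc_version_from_output() {
    printf '%s\n' "$1" | awk '/^runc version/ { print $3; exit }'
}

# check_runc_binary [BINARY]
#   Prints a verdict for the installed binary; skips quietly if it is absent.
check_runc_binary() {
    bin=${1:-runc}
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo "$bin: not installed"
        return 0
    fi
    ver=$(runc_version_from_output "$("$bin" --version 2>/dev/null)")
    rc=0
    runc_is_affected "$ver" || rc=$?
    case $rc in
        0) echo "$bin $ver: AFFECTED by CVE-2024-21626, upgrade" ;;
        1) echo "$bin $ver: not in the affected range" ;;
        *) echo "$bin: could not parse version '$ver', check manually" ;;
    esac
    return 0
}

check_runc_binary "${1:-runc}"
```

Run it on each container host (or pass the path to a bundled runc, for example the one shipped inside a Docker or containerd installation); container runtimes that vendor runc as a library rather than a binary must be checked against their own release notes instead.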
-
2024-015: Remote Code Execution Vulnerability in Cisco Products
Monday, January 29, 2024 04:41:07 PM CET
On January 24, 2024, Cisco disclosed a critical vulnerability in multiple Unified Communications and Contact Center Solutions products. This vulnerability, tracked as "CVE-2024-20253" with a CVSS score of 9.9, could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Currently, Cisco has no evidence of public proof-of-concept exploits for this vulnerability or of active exploitation in the wild.
-
2024-014: Critical Remote Code Execution Vulnerability in Jenkins
Tuesday, January 30, 2024 10:53:22 AM CET
On January 24, 2024, Jenkins issued fixes for several vulnerabilities, including CVE-2024-23897, a critical vulnerability that could allow an attacker to achieve remote code execution. The published advisory provides detailed information on various attack scenarios, exploitation pathways, descriptions of the fixes, and potential workarounds for those unable to immediately apply the security updates.
Multiple proof-of-concept (PoC) exploits for CVE-2024-23897 are now available.
-
2024-013: Zero-Day Vulnerability in Apple Products
Wednesday, January 24, 2024 10:57:58 AM CET
On January 22, 2024, Apple issued updates for a zero-day vulnerability identified as "CVE-2024-23222". This vulnerability affects iOS, iPadOS, macOS and tvOS devices and is currently being exploited in the wild. The updates also contain fixes for other vulnerabilities affecting Apple products.
It is recommended to update as soon as possible.
-
2024-012: Vulnerability in Chrome
Friday, January 19, 2024 05:14:59 PM CET
On January 16, 2024, Google released an advisory addressing a zero-day vulnerability identified as "CVE-2024-0519", which affects the V8 engine in Google Chromium. This vulnerability allows out-of-bounds memory access, potentially leading to heap corruption via a crafted HTML page. It has been reported that this vulnerability is being actively exploited.
-
2024-011: Vulnerability in WordPress POST SMTP Mailer Plugin
Friday, January 19, 2024 05:14:38 PM CET
On January 10, 2024, an authorisation bypass vulnerability was disclosed in the "POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP" plugin for WordPress. This vulnerability, identified as "CVE-2023-6875" (CVSS score of 9.8)[1], may allow an unauthenticated attacker to reset the API key used to authenticate to the mailer and view logs, including password reset emails, on WordPress sites that use this plugin.
This vulnerability could affect sites that have the POST SMTP Mailer plugin installed and configured, estimated at over 300,000 sites.
-
2024-010: Vulnerabilities in NetScaler ADC and NetScaler Gateway
Wednesday, January 17, 2024 11:38:36 AM CET
On January 16, 2024, Citrix released a security advisory addressing two vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway, specifically "CVE-2023-6548" and "CVE-2023-6549". These vulnerabilities are being actively exploited and require urgent patching.
-
2024-009: Critical and High Vulnerabilities in Atlassian Products
Wednesday, January 17, 2024 10:00:28 AM CET
On January 16, 2024, Atlassian released a security advisory addressing a critical vulnerability in Confluence Data Center and Confluence Server that, if exploited, could lead to Remote Code Execution (RCE) on the affected server.
Atlassian also released a security advisory addressing 28 high severity vulnerabilities which have been fixed in new versions of Atlassian products.
-
2024-008: Critical Vulnerabilities in Junos OS
Monday, January 15, 2024 10:22:00 AM CET
On January 10, 2024, Juniper released a security advisory addressing a critical vulnerability that, if exploited, could lead to a Denial of Service (DoS) or Remote Code Execution (RCE).
While Juniper SIRT is not aware of any malicious exploitation of this vulnerability, it is recommended to upgrade as soon as possible.
-
2024-007: Critical Vulnerabilities in GitLab
Friday, January 12, 2024 02:50:29 PM CET
On January 11, 2024, GitLab released a security advisory addressing several vulnerabilities, including critical ones that, if exploited, could lead to account takeover or Slack command execution.
It is recommended to upgrade as soon as possible.
-
2024-006: High Vulnerability in FortiOS & FortiProxy
Thursday, January 11, 2024 04:09:26 PM CET
On January 9, 2024, Fortinet disclosed a high severity vulnerability in FortiOS and FortiProxy. This vulnerability, tracked as "CVE-2023-44250" with a CVSS score of 8.3, could allow an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.
-
2024-005: Critical Vulnerability in Cisco Unity Connection
Thursday, January 11, 2024 04:08:30 PM CET
On January 10, 2024, Cisco disclosed a critical vulnerability in its Unity Connection product. This vulnerability, tracked as "CVE-2024-20272" with a CVSS score of 7.3, could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. Currently, Cisco has no evidence of public proof-of-concept exploits for this vulnerability or of active exploitation in the wild.
-
2024-004: Critical Vulnerabilities in Ivanti Connect Secure
Friday, February 09, 2024 10:26:56 AM CET
On January 10, 2024, Ivanti released an advisory about two critical vulnerabilities in Ivanti Connect Secure (ICS) and Policy Secure gateways. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited in the wild and can allow remote attackers to execute arbitrary commands on targeted gateways.
On January 31, 2024, Ivanti released an advisory about two new critical vulnerabilities in Ivanti Connect Secure (ICS) and Policy Secure gateways, identified as CVE-2024-21888 and CVE-2024-21893. CVE-2024-21893 has been exploited in the wild, chained with CVE-2024-21887, and can allow remote attackers to execute arbitrary commands on targeted gateways.
[New] On February 8, 2024, Ivanti released an advisory about a new critical vulnerability in Ivanti Connect Secure (ICS) and Policy Secure gateways. The vulnerability, tracked as CVE-2024-22024, is a new authentication bypass. While Ivanti claims that this vulnerability was found during its internal review and testing of its code, Watchtowr researchers claim otherwise.
-
2024-003: Critical Vulnerability in Apache OFBiz
Tuesday, January 09, 2024 10:11:53 AM CET
On December 26, 2023, the Apache OFBiz project released an update addressing a critical vulnerability in Apache OFBiz. The vulnerability allows attackers to bypass authentication, which could lead to remote code execution (RCE).
-
2024-002: Critical Vulnerability in Ivanti Endpoint Management Software
Monday, January 08, 2024 07:52:25 AM CET
On January 4, 2024, a critical remote code execution (RCE) vulnerability was fixed in Ivanti's Endpoint Management software (EPM). This vulnerability, tracked as "CVE-2023-39336" (CVSS score of 9.6), allows unauthenticated attackers to hijack enrolled devices or the core server. Ivanti EPM is used to manage client devices across various platforms, including Windows, macOS, Chrome OS and IoT operating systems. The vulnerability affects all supported versions of Ivanti EPM and has been resolved in version 2022 Service Update 5. Ivanti also states that it has found no evidence of active exploitation so far.
-
2024-001: Vulnerability in WordPress Google Fonts Plugin
Monday, January 08, 2024 07:58:33 AM CET
On January 2, 2024, an unauthenticated Stored Cross-Site Scripting (XSS) and directory deletion vulnerability was disclosed in the "OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy." plugin for WordPress. This vulnerability, identified as "CVE-2023-6600" (CVSS score of 8.6)[1], may allow unauthenticated attackers to update the plugin's settings and inject malicious scripts into affected sites.
This vulnerability could affect sites that have the OMGF plugin installed and configured, estimated at over 300,000 sites.