Security Advisories
-
2024-042: Vulnerability in Cisco Integrated Management Controller
Thursday, April 18, 2024 04:36:20 PM CEST
On April 17, 2024, Cisco disclosed vulnerabilities in its Cisco Integrated Management Controller product.
It is recommended to upgrade affected products as soon as possible.
-
2024-041: Multiple Vulnerabilities in Ivanti Avalanche MDM
Wednesday, April 17, 2024 11:32:02 AM CEST
On April 16, 2024, Ivanti disclosed several vulnerabilities in its Avalanche MDM solution, including two critical heap overflow issues allowing unauthenticated remote command execution.
It is recommended to update as soon as possible.
-
2024-040: Vulnerabilities in Atlassian Products
Wednesday, April 17, 2024 11:31:38 AM CEST
On April 16, 2024, Atlassian released a security advisory addressing 7 high-severity vulnerabilities in Bamboo Data Center, Confluence Data Center, Jira Software Data Center, and Jira Service Management Data Center.
It is recommended to update as soon as possible, prioritising internet-facing instances.
-
2024-039: Critical PuTTY Client Vulnerability
Tuesday, April 16, 2024 09:00:16 PM CEST
A critical vulnerability, identified as CVE-2024-31497, affects the PuTTY SSH client. This vulnerability stems from a bias in ECDSA nonce generation when using the NIST P-521 elliptic curve. Attackers can exploit this bias to recover private keys after observing a relatively small number of ECDSA signatures.
-
2024-038: Critical vulnerabilities in Junos OS and Junos OS Evolved
Tuesday, April 16, 2024 08:59:45 PM CEST
Multiple critical vulnerabilities have been identified in Juniper Networks Junos OS and Junos OS Evolved, primarily related to outdated cURL libraries. These vulnerabilities could allow remote attackers to execute arbitrary code, cause denial of service, or leak sensitive information.
It is strongly advised to update affected systems to the latest versions to mitigate these risks.
-
2024-037: Critical Vulnerability in PAN-OS software
Wednesday, April 17, 2024 11:31:06 AM CEST
On April 12, 2024, Palo Alto Networks released a security advisory for a critical vulnerability affecting a feature of PAN-OS software. This vulnerability allows an unauthenticated remote attacker to execute arbitrary code as root on the affected device.
[Updated] This vulnerability is being exploited in the wild, and proofs of concept have been publicly disclosed by third parties. The vendor has been gradually releasing patches for the vulnerable versions since April 14, 2024. However, the patches are not available for all the affected versions yet. In this case, it is highly recommended to apply the mitigation measures and to implement the verification steps suggested by the vendor.
-
2024-036: Vulnerabilities in Fortinet products
Thursday, April 11, 2024 11:01:43 AM CEST
On April 11, 2024, Fortinet released multiple advisories regarding high and critical vulnerabilities affecting FortiOS, FortiProxy, FortiClient Mac and FortiClient Linux.
It is recommended to upgrade affected software as soon as possible.
-
2024-035: Critical Vulnerability in Rust on Windows
Wednesday, April 10, 2024 11:54:51 AM CEST
On April 9, 2024, the Rust Security Response WG issued a security advisory regarding a critical vulnerability in the Rust programming environment affecting Windows platforms. This flaw allows command injection attacks via crafted batch file executions with untrusted arguments.
It is recommended to update as soon as possible, prioritising assets running code (or one of its dependencies) which executes batch files with untrusted arguments.
-
2024-034: Multiple Vulnerabilities in Microsoft Products
Wednesday, April 10, 2024 09:45:54 AM CEST
On April 9, 2024, Microsoft addressed 150 vulnerabilities in its April 2024 Patch Tuesday update, including 67 remote code execution (RCE) vulnerabilities and 2 zero-days exploited in malware attacks.
It is recommended to apply updates as soon as possible on affected products.
-
2024-033: Multiple Vulnerabilities in Ivanti Connect Secure
Thursday, April 04, 2024 10:34:17 AM CEST
On April 2, 2024, Ivanti addressed critical vulnerabilities in its Connect Secure and Policy Secure products, notably CVE-2024-21894, allowing unauthenticated attackers to perform remote code execution (RCE) and denial of service (DoS) attacks.
-
2024-032: Critical Vulnerability in XZ Utils
Tuesday, April 02, 2024 06:31:14 PM CEST
[Updated] On March 29, several companies issued a warning regarding a backdoor found in the XZ Utils software. XZ Utils is a data compression software and may be present in Linux distributions. The malicious code may allow a threat actor, with the right authentication key, to achieve gated pre-auth RCE on affected systems.
It is recommended to downgrade XZ Utils to a non-compromised version.
-
2024-031: High Severity Vulnerabilities in Cisco Products
Friday, March 29, 2024 11:49:02 AM CET
On March 27, 2024, Cisco released security updates for fourteen (14) vulnerabilities affecting IOS, IOS XE and Cisco Access Point software. Six (6) high severity vulnerabilities with a CVSS score of 8.6 could allow an unauthenticated, remote attacker to cause denial of service on an affected device.
-
2024-030: Critical Vulnerabilities in Ivanti Products
Thursday, March 21, 2024 10:19:02 AM CET
On March 20, 2024, Ivanti released fixes for two critical vulnerabilities affecting Ivanti Standalone Sentry and Ivanti Neurons for ITSM. According to Ivanti, there is no evidence of these vulnerabilities being exploited in the wild.
It is recommended to upgrade affected software as soon as possible.
-
2024-029: Vulnerabilities in Atlassian Products
Wednesday, March 20, 2024 01:48:33 PM CET
On March 19, 2024, Atlassian released a security advisory addressing 24 high and critical vulnerabilities, among which are a critical severity vulnerability in Bamboo Data Center/Server and a high vulnerability in Confluence Data Center and Server.
It is recommended to update affected products as soon as possible.
-
2024-028: Vulnerabilities in Fortinet Products
Thursday, March 14, 2024 05:49:32 PM CET
On March 12, 2024, Fortinet released fixes for three vulnerabilities affecting some of their products. The vulnerabilities could allow an unauthenticated attacker to execute unauthorised code or commands via specifically crafted requests.
It is recommended to upgrade affected software as soon as possible.
-
2024-027: Critical Vulnerabilities in Microsoft Products
Wednesday, March 13, 2024 04:10:17 PM CET
On March 12, 2024, Microsoft addressed 60 vulnerabilities in its March 2024 Patch Tuesday update, including 18 remote code execution (RCE) vulnerabilities.
It is recommended to apply updates as soon as possible on affected products.
-
2024-026: Vulnerabilities in GitLab
Friday, March 08, 2024 10:11:28 AM CET
On March 6, 2024, GitLab released a security advisory addressing several vulnerabilities that could lead to a security policy bypass and a breach of data confidentiality.
-
2024-025: Zero-Day Vulnerabilities in Apple Products
Thursday, March 07, 2024 02:13:11 PM CET
On March 5, 2024, Apple released new product versions providing fixes for several vulnerabilities affecting iOS and iPadOS, among which are 2 zero-day vulnerabilities already exploited in the wild.
It is recommended to update as soon as possible.
-
2024-024: Vulnerabilities in VMware Products
Thursday, March 07, 2024 02:12:18 PM CET
On March 5, 2024, VMware released fixes for four vulnerabilities affecting several VMware products. The most serious bugs could allow a malicious actor with local admin privileges on a virtual machine to execute code as the virtual machine’s VMX process running on the host.
It is recommended to upgrade affected software as soon as possible.
-
2024-023: Vulnerabilities in JetBrains TeamCity
Thursday, March 07, 2024 02:10:35 PM CET
On March 4, JetBrains released a fix for two vulnerabilities affecting the JetBrains TeamCity CI/CD server. Both vulnerabilities are authentication bypass vulnerabilities. If exploited, the most severe vulnerability allows for a complete compromise of a vulnerable TeamCity server by a remote unauthenticated attacker, including unauthenticated RCE.
It is advised to upgrade the software as soon as possible.
-
2024-022: Vulnerabilities in Adobe products
Thursday, February 29, 2024 06:47:18 PM CET
On February 13, 2024, Adobe released two security advisories addressing multiple high severity vulnerabilities in various Adobe products. If exploited, the vulnerabilities would allow an attacker to cause remote arbitrary code execution, remote denial of service, remote code injection or disclosure of sensitive information.
-
2024-021: Vulnerabilities in Atlassian Products
Wednesday, February 21, 2024 05:24:33 PM CET
On February 20, 2024, Atlassian released a security advisory addressing a high severity vulnerability in Confluence Data Center and Confluence Server that, if exploited, could allow an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser. The security advisory also addresses 10 other high severity vulnerabilities which have been fixed in new versions of several Atlassian products.
-
2024-020: Critical Vulnerability in Zoom Products
Thursday, February 15, 2024 10:15:27 AM CET
On February 13, 2024, Zoom released a security advisory addressing one critical vulnerability. If exploited, this vulnerability allows an unauthenticated attacker to conduct privilege escalation on the target system via network access.
It is recommended to apply updates as soon as possible.
-
2024-019: Critical Vulnerabilities in Microsoft Products
Wednesday, February 14, 2024 11:31:11 AM CET
On February 13, 2024, Microsoft released its February 2024 Patch Tuesday advisory, addressing 73 vulnerabilities, two of which are exploited in the wild.
It is recommended to apply updates as soon as possible on affected products.
-
2024-018: Critical Vulnerabilities in FortiOS
Friday, February 09, 2024 09:56:16 AM CET
On February 9, 2024, Fortinet released an advisory regarding critical vulnerabilities affecting FortiOS that, if exploited, would allow a remote and unauthenticated attacker to execute code on the affected device.
One of the critical vulnerabilities is potentially being exploited in the wild. It is recommended to update as soon as possible.
-
2024-017: Critical Vulnerabilities in FortiSIEM
Tuesday, February 06, 2024 09:55:18 PM CET
In February 2024, Fortinet quietly updated a 2023 advisory, adding two critical flaws to the list of OS Command vulnerabilities affecting its FortiSIEM product. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to execute commands on the system.
Updating is recommended as soon as possible.
-
2024-016: High Vulnerability in the runc package
Tuesday, February 06, 2024 09:24:54 PM CET
A critical vulnerability has been identified in all versions of the runc package up to and including 1.1.11, affecting Docker, Kubernetes, and other containerisation technologies. This vulnerability, tracked as "CVE-2024-21626" with a CVSS score of 8.6, enables attackers to escape containers and potentially gain unauthorised access to the host operating system.
-
2024-015: Remote Code Execution Vulnerability in Cisco Products
Monday, January 29, 2024 04:41:07 PM CET
On January 24, 2024, Cisco disclosed a critical vulnerability in multiple Unified Communications and Contact Center Solutions products. This vulnerability, tracked as "CVE-2024-20253" with a CVSS score of 9.9, could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Currently, Cisco has no evidence of public proof of concept exploits for this vulnerability or active exploitation in the wild.
-
2024-014: Critical Remote Code Execution Vulnerability in Jenkins
Tuesday, January 30, 2024 10:53:22 AM CET
On January 24, 2024, Jenkins issued fixes for several vulnerabilities, including CVE-2024-23897, a critical vulnerability that could allow an attacker to achieve remote code execution. The advisory published provides detailed information on various attack scenarios, exploitation pathways, descriptions of the fixes, and potential workarounds for those unable to immediately apply the security updates.
Multiple proof-of-concept (PoC) exploits for CVE-2024-23897 are now available.
-
2024-013: Zero-Day Vulnerability in Apple Products
Wednesday, January 24, 2024 10:57:58 AM CET
On January 22, 2024, Apple issued updates for a zero-day vulnerability identified as "CVE-2024-23222". This vulnerability affects iOS, iPadOS, macOS and tvOS devices and is currently being exploited in the wild. The updates also contain fixes for other vulnerabilities affecting Apple products.
It is recommended to update as soon as possible.
-
2024-012: Vulnerability in Chrome
Friday, January 19, 2024 05:14:59 PM CET
On January 16, 2024, Google released an advisory addressing a zero-day vulnerability identified as "CVE-2024-0519", which affects the V8 engine in Google Chromium. This vulnerability allows for out-of-bounds memory access, potentially leading to heap corruption through a crafted HTML page. It has been reported that this vulnerability is being actively exploited.
-
2024-011: Vulnerability in WordPress POST SMTP Mailer Plugin
Friday, January 19, 2024 05:14:38 PM CET
On January 10, 2024, an authorisation bypass vulnerability was discovered in the "POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP" plugin for WordPress. This vulnerability, identified as "CVE-2023-6875" (CVSS score of 9.8)[1], may allow an unauthenticated attacker to reset the API key used to authenticate to the mailer and view logs, including password reset emails on WordPress sites that use this plugin.
This vulnerability could affect sites that have the POST SMTP Mailer plugin installed and configured, which is estimated to be over 300,000 sites.
-
2024-010: Vulnerabilities in NetScaler ADC and NetScaler Gateway
Wednesday, January 17, 2024 11:38:36 AM CET
On January 16, 2024, Citrix released a security advisory addressing two vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway, specifically "CVE-2023-6548" and "CVE-2023-6549". These vulnerabilities have been actively exploited and require urgent patching.
-
2024-009: Critical and High Vulnerabilities in Atlassian Products
Wednesday, January 17, 2024 10:00:28 AM CET
On January 16, 2024, Atlassian released a security advisory addressing a critical vulnerability in Confluence Data Center and Confluence Server that, if exploited, could lead to Remote Code Execution (RCE) on the affected server.
The vendor also released a security advisory addressing 28 high-severity vulnerabilities which have been fixed in new versions of Atlassian products.
-
2024-008: Critical Vulnerabilities in Junos OS
Monday, January 15, 2024 10:22:00 AM CET
On January 10, 2024, Juniper released a security advisory addressing a critical vulnerability that, if exploited, could lead to a Denial of Service (DoS), or Remote Code Execution (RCE).
While Juniper SIRT is not aware of any malicious exploitation of this vulnerability, it is recommended to upgrade as soon as possible.
-
2024-007: Critical Vulnerabilities in GitLab
Friday, January 12, 2024 02:50:29 PM CET
On January 11, 2024, GitLab released a security advisory addressing several vulnerabilities, including critical ones that, if exploited, could lead to account takeover, or Slack command execution.
It is recommended to upgrade as soon as possible.
-
2024-006: High Vulnerability in FortiOS & FortiProxy
Thursday, January 11, 2024 04:09:26 PM CET
On January 9, 2024, Fortinet disclosed a high vulnerability in FortiOS & FortiProxy. This vulnerability, tracked as "CVE-2023-44250" and with a CVSS score of 8.3, could allow an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.
-
2024-005: Critical Vulnerability in Cisco Unity Connection
Thursday, January 11, 2024 04:08:30 PM CET
On January 10, 2024, Cisco disclosed a critical vulnerability in its Unity Connection product. This vulnerability, tracked as "CVE-2024-20272" with a CVSS score of 7.3, could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. Currently, Cisco has no evidence of public proof of concept exploits for this vulnerability or active exploitation in the wild.
-
2024-004: Critical Vulnerabilities in Ivanti Connect Secure
Friday, February 09, 2024 10:26:56 AM CET
On January 10, 2024, Ivanti released an advisory about two critical vulnerabilities in Ivanti Connect Secure (ICS) and Policy Secure gateways. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited in the wild and can allow remote attackers to execute arbitrary commands on targeted gateways.
On January 31, 2024, Ivanti released an advisory about two new critical vulnerabilities in Ivanti Connect Secure (ICS) and Policy Secure gateways. These vulnerabilities are identified as CVE-2024-21888 and CVE-2024-21893. CVE-2024-21893 has been exploited in the wild, chained with CVE-2024-21887, and can allow remote attackers to execute arbitrary commands on targeted gateways.
[New] On February 8, 2024, Ivanti released an advisory about a new critical vulnerability in Ivanti Connect Secure (ICS) and Policy Secure gateways. The vulnerability, tracked as CVE-2024-22024, is a new authentication bypass. While Ivanti claims that this vulnerability was found during their internal review and testing of their code, Watchtowr researchers claim otherwise.
-
2024-003: Critical Vulnerability in Apache OFBiz
Tuesday, January 09, 2024 10:11:53 AM CET
On December 26, 2023, the Apache OFBiz project released an update addressing a critical vulnerability in Apache OFBiz. The vulnerability allows attackers to bypass authentication, which could lead to remote code execution (RCE).
-
2024-002: Critical Vulnerability in Ivanti Endpoint Management Software
Monday, January 08, 2024 07:52:25 AM CET
On January 4th, 2024, a critical remote code execution (RCE) vulnerability was fixed in Ivanti's Endpoint Management software (EPM). This vulnerability, tracked as "CVE-2023-39336" (CVSS score: 9.6), allows unauthenticated attackers to hijack enrolled devices or the core server. Ivanti EPM is used to manage client devices across various platforms, including Windows, macOS, Chrome OS, and IoT operating systems. The vulnerability affects all supported versions of Ivanti EPM and has been resolved in version 2022 Service Update 5. The vendor also states that no evidence of active exploitation has been found so far.
-
2024-001: Vulnerability in WordPress Google Fonts Plugin
Monday, January 08, 2024 07:58:33 AM CET
On January 2, 2024, an unauthenticated Stored Cross-Site Scripting (XSS) and directory deletion vulnerability was discovered in the "OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy." plugin for WordPress. This vulnerability, identified as "CVE-2023-6600" (CVSS score of 8.6)[1], may allow unauthenticated attackers to update the plugin's settings and inject malicious scripts into affected sites.
This vulnerability could affect sites that have the OMGF plugin installed and configured, which is estimated to be over 300,000 sites.