Advisories
2024-009: Critical and High Vulnerabilities in Atlassian Products
On January 16, 2024, Atlassian released a security advisory addressing a critical vulnerability in Confluence Data Center and Confluence Server that, if exploited, could lead to Remote Code Execution (RCE) on the affected server. The editor also released a security advisory addressing 28 high-severity vulnerabilities which have been fixed in
2024-004: Critical Vulnerabilities in Ivanti Connect Secure
On January 10, 2024, Ivanti has released an advisory about two critical vulnerabilities in Ivanti Connect Secure (ICS) and Policy Secure gateways. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited in the wild and can allow remote attackers to execute arbitrary commands on targeted gateways. Technical Blog Advisory:
2024-007: Critical Vulnerabilities in GitLab
On January 11, 2024, GitLab released a security advisory addressing several vulnerabilities, including critical ones that, if exploited, could lead to account takeover, or slack command execution. It is recommended upgrading as soon as possible. GitLab Security Advisory - January 2024 GitLab Security Advisory - January 2024 History: 12/01/
2023-099: Critical Vulnerabilities in Ivanti Avalanche
On December 20, 2023, Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution. These vulnerabilities, if exploited, could lead to Remote Code Execution or Denial of Service. The updates also cover 8 medium- and high-severity bugs
2023-098: SMTP Smuggling Vulnerability in CISCO Secure Email Gateway
On December 18, 2023, researchers from SEC Consult released an article about an SMTP Smuggling vulnerability affecting products from several vendors such as Microsoft, GMX or Cisco. While the vulnerability was fixed in GMX and Microsoft products, it is considered as a feature in Cisco Secure Email Gateway and Cisco
2023-097: Critical Vulnerabilities in Microsoft Products
On December 12, 2023, Microsoft released the December 2023 Patch Tuesday which includes security updates for a total of 35 flaws. Among the vulnerabilities, four were rated as critical. It is recommended updating affected products as soon as possible. Microsoft December 2023 Patch Tuesday Security Updates Microsoft December 2023 Patch
2023-095: Critical Vulnerability in Apache Struts - with Mittre TTPs
On December 7, 2023, The Apache Struts group released an update addressing a critical security vulnerability in Apache Struts. This vulnerability could lead, under some circumstances, to remote code execution. It is recommended to upgrade to a not vulnerable version as soon as possible. Apache Struts Security Vulnerability Apache Struts