Skip to content

News

2024-012: Vulnerability in Chrome

2024-012: Vulnerability in Chrome

On January 16, 2024, Google has released an advisory addressing a zero-day vulnerability identified as "CVE-2024-0519", which affects the V8 engine in Google Chromium. This vulnerability allows for out-of-bounds memory access, potentially leading to heap corruption through a crafted HTML page. It has been reported that this vulnerability

Members Public
2024-009: Critical and High Vulnerabilities in Atlassian Products

2024-009: Critical and High Vulnerabilities in Atlassian Products

On January 16, 2024, Atlassian released a security advisory addressing a critical vulnerability in Confluence Data Center and Confluence Server that, if exploited, could lead to Remote Code Execution (RCE) on the affected server. The editor also released a security advisory addressing 28 high-severity vulnerabilities which have been fixed in

Members Public
2024-004: Critical Vulnerabilities in Ivanti Connect Secure

2024-004: Critical Vulnerabilities in Ivanti Connect Secure

On January 10, 2024, Ivanti has released an advisory about two critical vulnerabilities in Ivanti Connect Secure (ICS) and Policy Secure gateways. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited in the wild and can allow remote attackers to execute arbitrary commands on targeted gateways. Technical Blog Advisory:

Members Public
2024-007: Critical Vulnerabilities in GitLab

2024-007: Critical Vulnerabilities in GitLab

On January 11, 2024, GitLab released a security advisory addressing several vulnerabilities, including critical ones that, if exploited, could lead to account takeover, or slack command execution. It is recommended upgrading as soon as possible. GitLab Security Advisory - January 2024 GitLab Security Advisory - January 2024 History: 12/01/

Members Public
2023-099: Critical Vulnerabilities in Ivanti Avalanche

2023-099: Critical Vulnerabilities in Ivanti Avalanche

On December 20, 2023, Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution. These vulnerabilities, if exploited, could lead to Remote Code Execution or Denial of Service. The updates also cover 8 medium- and high-severity bugs

Members Public
2023-098: SMTP Smuggling Vulnerability in CISCO Secure Email Gateway

2023-098: SMTP Smuggling Vulnerability in CISCO Secure Email Gateway

On December 18, 2023, researchers from SEC Consult released an article about an SMTP Smuggling vulnerability affecting products from several vendors such as Microsoft, GMX or Cisco. While the vulnerability was fixed in GMX and Microsoft products, it is considered as a feature in Cisco Secure Email Gateway and Cisco

Members Public
2023-097: Critical Vulnerabilities in Microsoft Products

2023-097: Critical Vulnerabilities in Microsoft Products

On December 12, 2023, Microsoft released the December 2023 Patch Tuesday which includes security updates for a total of 35 flaws. Among the vulnerabilities, four were rated as critical. It is recommended updating affected products as soon as possible. Microsoft December 2023 Patch Tuesday Security Updates Microsoft December 2023 Patch

Members Public