CVE
Understanding and Mitigating the Fedora Rawhide Vulnerability (CVE-2024-3094)
CVE-2024-3094 is a reported supply chain compromise of the xz libraries. The resulting interference with sshd authentication could enable an attacker to gain unauthorized access to the system. Overview Malicious code was ...
Getting rid of a 20+ year old known vulnerability: It’s like a PSA for Runtime Security
On Wednesday, March 27, CISA and the FBI issued a cry for help: We need to stamp out SQL injection vulnerabilities, and we need to do it yesterday, they said in a ...
Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin
A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and ...
Several OpenJDK Vulnerabilities Fixed
Recently, several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking of sensitive data to log files, denial of service, or bypass of sandbox ...
Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery
On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute ...
Juniper Networks OS Update Released Amid High Severity Flaws
In response to pressing security concerns, Juniper Networks has swiftly deployed out-of-band updates aimed at mitigating two high-severity vulnerabilities. These vulnerabilities, identified as CVE-2024-21619 and CVE-2024-21620, pose significant risks to SRX Series ...
GitLab Security Release Fixes Critical File Overwrite Vulnerability
GitLab has recently released important patches to fix a critical security vulnerability affecting both its Community Edition (CE) and Enterprise Edition (EE). The flaw, identified as CVE-2024-0402, carries a CVSS score of ...
Firefox 122 Released with 15 Security Fixes
Mozilla released the new version of its popular browser, Firefox 122, on January 23, 2024. It came 1 month and 5 days after the previous Firefox 121 and brings several new features ...
Zero-day Confluence RCE Vulnerability Blocked by Contrast Runtime Security | CVE-2023-22527 | Contrast Security
If your organization is running an older version of Atlassian Confluence Server that’s affected by CVE-2023-22527 — the critical remote-code execution (RCE) zero day discovered recently — you either ...
Multiple Go Vulnerabilities Fixed in Ubuntu
Go is an open-source programming language that has gained popularity for efficiency and simplicity. However, as with any software, vulnerabilities can lurk within its libraries and modules. It is essential to stay ...
