Vulnerability information

In the latest patch security update, Microsoft disclosed a critical vulnerability in the Windows TCP/IP stack that requires urgent attention (CVE-2024-38063). the handling of IPv6 packets in the Windows TCP/IP stack. An unauthenticated attacker can exploit this vulnerability by sending specially crafted IPv6 packets to the target system, resulting in Remote Code Execution (RCE).

Microsoft Releases January 2024 Security Update, Fixes 48 Vulnerabilities This update covers Windows systems and the Chromium kernel Edge browser.

The U.S. Cybersecurity and Infrastructure Security Administration (CISA) released six exploited vulnerabilities involving vendors Apple, Apache, Adobe, D-Link, Joomla! and others, and the CVE-2023-41990 vulnerability has been fixed by Apple, but is still being exploited by unknown attackers. It is recommended to affected to carry out vulnerability fixes to protect their network security.

Apache Struts code execution vulnerability (CVE-2023-50164) allows attackers to control file upload parameter execution path traversal, and in some cases can upload malicious files to execute arbitrary code.

WordPress has released version 6.4.2, which contains a patch for a critical security vulnerability that could be exploited by threat actors to combine it with another vulnerability to execute arbitrary PHP code on vulnerable websites.

Apache OFBiz is an open source product for enterprise process automation. It includes framework components and business applications for ERP, CRM, e-commerce, supply chain management and manufacturing resource planning. There is a remote code execution vulnerability in Apache OFBiz before version 18.12.10. Because xml-RPC is no longer maintained, an authenticated attacker can use xml-RPC to conduct remote code execution exploits and control the server.

Citizen Lab says the two zero-day vulnerabilities Apple fixed today in an emergency security update are being actively abused as part of a zero-hit exploit chain, known as BLASTPASS, that puts NSO Group's Pegas...

While we are recovering from the worst of the COVID-19 pandemic, cyber threats show no signs of abating, with cybercriminals still using advanced methods to achieve their goals. Global Threat Trends Report Shows Cyberattacks Are Targeting Digital Infrastructure, Ransomware…