RCE

Juniper Networks (NASDAQ: JUNIER) has issued a security vulnerability advisory to fix a critical Remote Code Execution (RCE) vulnerability in the SRX Series Firewalls and EX Series Switches (CVE-2024-21591), as well as another high-risk vulnerability in Junos OS and Junos OS Evolved (CVE- 2024-21611), which can also be exploited by unauthenticated network attackers to cause a denial of service attack. 2024-21611) in Junos OS and Junos OS Evolved, which can also be exploited by an unauthenticated attacker to cause a denial-of-service attack.

The U.S. Cybersecurity and Infrastructure Security Administration (CISA) released six exploited vulnerabilities involving vendors Apple, Apache, Adobe, D-Link, Joomla! and others, and the CVE-2023-41990 vulnerability has been fixed by Apple, but is still being exploited by unknown attackers. It is recommended to affected to carry out vulnerability fixes to protect their network security.

WordPress has released version 6.4.2, which contains a patch for a critical security vulnerability that could be exploited by threat actors to combine it with another vulnerability to execute arbitrary PHP code on vulnerable websites.

Apache OFBiz is an open source product for enterprise process automation. It includes framework components and business applications for ERP, CRM, e-commerce, supply chain management and manufacturing resource planning. There is a remote code execution vulnerability in Apache OFBiz before version 18.12.10. Because xml-RPC is no longer maintained, an authenticated attacker can use xml-RPC to conduct remote code execution exploits and control the server.

Background: GitLab officially released a security advisory to fix a remote code execution vulnerability (CVE-2022-2884) in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerability allows authenticated users to access the GitLab Community Edition (CE) and Enterprise Edition (EE) by...