CVE-2024-22024 is an XML External Entity (XXE) vulnerability that allows a remote attacker to access internal files CVE-2024-22024, a new high rated vulnerability affecting Ivanti Connect Secure and Ivanti Policy Secure software has been disclosed. This software is used to connect devices to virtual private networks (VPNs). The vulnerability would allow a remote attacker to access internal files by sending maliciously crafted XML files. The situation is more serious by the fact that there is a known, publicly accessible exploit. The vulnerability CVE-2024-22024 is the latest in a series of high and critical vulnerabilities discovered in a single month (CVE-2024-21893, CVE-2024-21887, CVE-2024-21888). It is worth mentioning that the exploitation of these previous vulnerabilities has been detected in the wild, so ...

Critical vulnerability CVE-2023-7028 in the open source platform GitLab allows taking control of other users' accounts A critical vulnerability has been discovered in GitLab, an open-source platform for managing git repositories. This vulnerability could allow a remote attacker to take control of other users' accounts. GitLab is an open-source platform that performs functions equivalent to those of GitHub. The company in charge of developing it maintains a version of this software in the cloud so that users can access its functions, but installing it on local servers is also possible. Key features CVE identifier: CVE-2023-7028 Release date: January 11, 2024 Affected software: GitLab CVSS score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10.0 Critical) Affected versions: 16.1 to 16.1.5 16.2 to 16.2.8 16.3 to 16.3.6 16.4 ...

On November 21, 2023, three critical vulnerabilities were made public (CVE-2023-49103, CVE-2023-49104, CVE-2023-49105), affecting several applications of the ownCloud online file sharing and collaboration platform. These vulnerabilities of the ownCloud platform allow a remote attacker, under certain circumstances, to obtain sensitive data such as ownCloud administrator password, mail server credentials and license key; access, modify and delete files without authentication (knowing the victim user); and bypass subdomain validation in ownCloud's oauth2. As published by GreyNoise, these vulnerabilities of the ownCloud platform have been highly exploited since November 25, 2023, mainly the one affecting the disclosure of sensitive data (CVE-2023-49103). OwnCloud is an open-source software platform designed to provide cloud storage and online collaboration services. It focuses on enabling users to ...

On October 3, 2023, Qualys published information about a high-severity local privilege escalation vulnerability in the GNU C Library (glibc), which is widely used on Linux systems. This vulnerability (CVE-2023-4911) could allow a local attacker to gain root privileges. Only two days ago, CISA, the Cybersecurity and Infrastructure Security Agency of the United States, reported that this vulnerability CVE-2023-4911 is actively being exploited. The GNU C Library defines system calls and other basic functionality that all programs that use this language require. Most current Linux distributions use this library to compile their software packages. Vulnerability CVE-2023-4911 details The following are the main details of this vulnerability: CVE identifier: CVE-2023-4911. Date published: October 3, 2023. Affected software: glibc. CVSS score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ...

The vulnerability CVE-2023-38545 affects curl, a command line tool and software library used to transfer data to and from a server On October 11th, 2023 the curl development team has reported a heap buffer overflow vulnerability, classified as High, affecting the handshake in the SOCKS5 proxy component. This vulnerability was reported by Jay Satiro via the HackerOne platform on September 30, 2023. Curl is a command-line tool and library used to transfer data to or from a server using various network protocols, including HTTP, HTTPS, FTP, FTPS, SCP, SFTP, LDAP, and more. The name cURL stands for Client for URLs, which indicates its primary function: to act as a client for accessing resources via URLs. What is the vulnerability? The ...