Researchers at DEVCORE found a serious vulnerability in PHP that could allow attackers to remotely execute malicious code on affected servers. Due to PHP’s widespread use and the simplicity of exploiting this flaw, DEVCORE classified it as critical and swiftly reported it to the PHP development team. A fix was released on June 6th, 2024. continue reading : PHP CGI Argument Injection Vulnerability (CVE-2024-4577)
Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2024-5274)
Recently, after Google released a security update to fix CVE-2024-4671, another security update has been released: Chrome Version 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux to address a zero-day vulnerability tracked as CVE-2024-5274. Based on the official site for Chrome updates, “Google is aware that an exploit for CVE-2024-5274 exists in the wild”. continue reading : Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2024-5274)
Microsoft Releases May 2024 Patch Tuesday Security Updates
Microsoft has released its May 2024 Patch Tuesday security updates to fix 60 vulnerabilities across its products, including two vulnerabilities that were detected being exploited in the wild. Tracked as CVE-2024-30051, the first exploited vulnerability is in the Windows DWM Core Library and could allow an adversary to gain SYSTEM-level privileges. Additionally, based on the continue reading : Microsoft Releases May 2024 Patch Tuesday Security Updates
Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2024-4671)
Google has released Chrome Version 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux to address a zero-day vulnerability tracked as CVE-2024-4671. Based on the official site for Chrome updates, “Google is aware that an exploit for CVE-2024-4671 exists in the wild”. _____________________________ A. Nature of the Vulnerability CVE-2024-4671 Use after free in Visuals in continue reading : Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2024-4671)
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks
HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. A. Nature of the Vulnerabilities CVE-2024-26304 (CVSS score: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Service Accessed via the PAPI Protocol CVE-2024-26305 (CVSS score: 9.8) continue reading : Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks