ConnectWise ScreenConnect 23.9.8: CVE-2024-1709

On February 19, 2023, ConnectWise issued a security notification regarding two security flaws found within their ScreenConnect remote management software. The flaws identified were an authentication bypass rated at CVSS 10.0 and a path

Ivanti’s Zero-Day Vulnerabilities (CVE-2024-21887 and CVE-2023-46805)

Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS), formerly known as Pulse Connect Secure, are virtual private network (VPN) tools that businesses rely on to enable secure remote access. However, two newly disclosed

CVE-2023-4863: A Comprehensive Guide

CVE-2023-4863 refers to a critical heap buffer overflow vulnerability found in the libwebp package, widely used for encoding and decoding WebP images. This vulnerability enables a program to write data beyond the allocated boundaries

Juniper Firewall Vulnerabilities: CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847

Juniper Networks firewalls are a common sight in enterprise networks worldwide. However, the convenience of their J-Web management interface also introduces security risks if improperly configured. This was recently highlighted by Juniper’s disclosure of

Microsoft Patch 73 CVEs in August 2023 (CVE-2023-38180)

Microsoft released its monthly Patch Tuesday security updates for August 2023, addressing a total of 73 vulnerabilities across a wide range of products. The updates provide fixes for vulnerabilities rated as critical and important

Responding to Critical Vulnerabilities in FortiOS SSL VPN (CVE-2023-27997)

A severe vulnerability recently disclosed in Fortinet’s FortiOS SSL VPN product enables unauthenticated remote code execution, allowing hackers to bypass authentication and gain full system control. With a critical CVSS score of 10, all

Responding to Critical Vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2023-35078)

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, was recently revealed to contain three high-severity vulnerabilities—CVE-2023-35078, CVE-2023-35081, and CVE-2023-35082. These flaws enable threat actors to gain unauthorized access, escalate privileges, and write arbitrary files