
Overview

Google has released a security update for Google Chrome to address a type confusion vulnerability (CVE-2023-4762). This vulnerability is currently being exploited by cyber-attackers. Google Chrome should be updated to version 116.0.5845.179 or newer. Exploitation of this vulnerability, which affects multiple products, could lead to arbitrary code execution. Microsoft Edge is also affected because it is built on Chromium.

JetBrains has released a security update to address a vulnerability, CVE-2024-23917, affecting TeamCity On-Premises. This is a critical vulnerability with a CVSS score of 9.8. The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server.

Fortinet recently reported an out-of-bounds write vulnerability with a critical severity rating. FortiOS and FortiProxy, versions 7.4 and older, are affected and could allow an attacker to execute arbitrary code or commands using crafted HTTP requests. If security updates cannot be applied to a vulnerable appliance, SSL VPN should be disabled. It has been confirmed that the vulnerability is being exploited in the wild.

WordPress: several critical and high-severity vulnerabilities have been recently identified:

CVE-2024-1317 – The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

CVE-2024-1350 – The Honeypot for WP Comment plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.2.3.

CVE-2024-1207 – The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
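Both WordPress SQL injection entries above describe the same defect class: a user-supplied parameter concatenated into a query with neither escaping nor a prepared statement. The following PHP is an added illustration of that class beside its fix, not the plugins' own code; the table name, column name and function names are hypothetical.

```php
<?php
// Added illustration (not the Feedzy or WP Booking Calendar plugin code).
// Assumes a hypothetical plugin table "{$wpdb->prefix}feed_items" with a
// "title" column; $search_key is the raw request parameter (e.g. $_GET['search_key']).

// Vulnerable pattern: the parameter is interpolated straight into SQL text.
// A value containing a quote character can terminate the string literal and
// change the meaning of the query.
function feed_search_vulnerable( $wpdb, $search_key ) {
    $sql = "SELECT id, title FROM {$wpdb->prefix}feed_items "
         . "WHERE title LIKE '%" . $search_key . "%'";
    return $wpdb->get_results( $sql );
}

// Hardened pattern: normalise the input, escape LIKE wildcards with
// $wpdb->esc_like(), then bind the value through $wpdb->prepare() so the
// database receives it as a quoted string rather than as query text.
function feed_search_hardened( $wpdb, $search_key ) {
    $search_key = sanitize_text_field( wp_unslash( $search_key ) );
    $like = '%' . $wpdb->esc_like( $search_key ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT id, title FROM {$wpdb->prefix}feed_items WHERE title LIKE %s",
        $like
    );
    return $wpdb->get_results( $sql );
}
```

When reviewing a plugin, grep for `$wpdb->query`, `get_results` and `get_var` calls whose argument is a concatenated string rather than the return value of `$wpdb->prepare()`.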

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Google Chrome Chrome Releases

Microsoft Edge Chromium Update Guide

JetBrains Security Advisory

Fortinet Fortiguard PSIRT

WordPress Wordfence Threat Intel

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
