Early Warning
CVE-2019-1069, also known as the Task Scheduler Elevation of Privilege Vulnerability, was identified in Microsoft Windows Task Scheduler.
The exploit requires 10,000 attempts and specific conditions related to the GNU C Library (glibc), making widespread exploitation unlikely.
This is an easily exploitable unauthenticated remote code execution vulnerability affecting NextGen HealthCare’s Mirth Connect data integration platform.
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability.
Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature.
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability.
CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Check Point Quantum Security Gateways contains an unspecified information disclosure vulnerability.
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability.
Flash Alert
CVE-2016-3714 is a critical vulnerability in ImageMagick that allows remote code execution due to insufficient input filtering. ImageMagick is a popular software suite for creating, editing, and converting bitmap images.
CrowdStrike is actively working with customers impacted by the defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.
All
CVE-2019-1069, also known as the Task Scheduler Elevation of Privilege Vulnerability, was identified in Microsoft Windows Task Scheduler.
CVE-2016-3714 is a critical vulnerability in ImageMagick that allows remote code execution due to insufficient input filtering. ImageMagick is a popular software suite for creating, editing, and converting bitmap images.
CrowdStrike is actively working with customers impacted by the defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.
The exploit requires 10,000 attempts and specific conditions related to the GNU C Library (glibc), making widespread exploitation unlikely.
This is an easily exploitable unauthenticated remote code execution vulnerability affecting NextGen HealthCare’s Mirth Connect data integration platform.
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability.
Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature.
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability.
CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Check Point Quantum Security Gateways contains an unspecified information disclosure vulnerability.
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability.