Early Warning
The exploit requires 10,000 attempts and specific conditions related to the GNU C Library (glibc), making widespread exploitation unlikely.
This is an easily exploitable unauthenticated remote code execution vulnerability affecting NextGen HealthCare’s Mirth Connect data integration platform.
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability.
Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature.
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability.
CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Check Point Quantum Security Gateways contains an unspecified information disclosure vulnerability.
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability.
All
CrowdStrike is actively working with customers impacted by the defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.
The exploit requires 10,000 attempts and specific conditions related to the GNU C Library (glibc), making widespread exploitation unlikely.
This is an easily exploitable unauthenticated remote code execution vulnerability affecting NextGen HealthCare’s Mirth Connect data integration platform.
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability.
Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature.
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability.
CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Check Point Quantum Security Gateways contains an unspecified information disclosure vulnerability.
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability.