Weekly Vulnerabilities Review (September 14 – September 21)

Here is a brief overview of last week's cybersecurity developments. In the spotlight: VulnCheck, Juniper, Akamai, Kubernetes, Chrome, Firefox, Brave, Edge, Telegram, Thunderbird, Gimp, Free Download Manager, Kaspersky Lab, Atos Unify, GitLab, Trend Micro, Fortinet, FortiOS, FortiProxy.

A recent study by VulnCheck researchers revealed that approximately 12,000 networked Juniper SRX firewalls and EX switches remain vulnerable to a recently identified RCE exploit.

Akamai has discovered three interrelated vulnerabilities in Kubernetes. Malicious actors can exploit these vulnerabilities to execute remote code with elevated privileges on Windows endpoints within the cluster.

Cybersecurity experts have identified a severe vulnerability, CVE-2023-4863, present in several applications including Chrome, Firefox, Brave, Edge, Telegram, Thunderbird, and Gimp. Immediate patching is advised to prevent attacks on affected devices.

The developers of Free Download Manager have released a script that lets users check whether their Linux devices were compromised in a supply chain attack. Kaspersky Lab recently found a backdoor that had been hidden in the code of this popular Linux download manager for several years.

Two vulnerabilities discovered in 2023 in Atos Unify products could allow cybercriminals to disrupt operations and potentially exploit a backdoor within the targeted system. These vulnerabilities specifically affect the Atos Unify Session Border Controller (SBC).

This week, the DevOps platform GitLab announced security updates addressing a critical vulnerability that allows an attacker to execute pipelines on behalf of another user.

Trend Micro has warned that a critical vulnerability affecting Apex One and other endpoint security products has been exploited in the wild.

Fortinet has released patches for a serious cross-site scripting (XSS) vulnerability affecting several versions of FortiOS and FortiProxy.