The threat alerts noted multiple vulnerabilities in Chrome and GitLab, and a remote code execution vulnerability in Zoho ManageEngine ADAudit Plus prior to 7060.
Multiple vulnerabilities were reported in Google Chrome that could allow remote attackers to execute arbitrary code and cause denial of service on the targeted systems.
According to Cert-In, these vulnerabilities can be exploited by sending specially crafted requests to the targeted system. Successful exploitation can allow attackers to execute arbitrary code, and the vulnerabilities are being exploited in the wild. On its website, the organisation also urged users to apply the available security patches to avoid the risk of exploitation.
The vulnerability note for GitLab, rated high by the organisation, stated that GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 15.1.1, 15.0.4, and 14.10.5 are affected.
According to Cert-In, these vulnerabilities can allow an attacker to execute code, perform cross-site scripting and disclose sensitive information. They can also be used to bypass security restrictions and cause denial of service on the targeted systems.
The vulnerability report said that applying the appropriate updates listed in the GitLab security release secures vulnerable systems.
Zoho ManageEngine ADAudit Plus prior to 7060
The vulnerability note for Zoho, rated high, stated that a remote code execution vulnerability can be exploited by an unauthenticated remote attacker to execute arbitrary code on targeted systems.
The vulnerability in Zoho ManageEngine ADAudit Plus is due to a misconfigured XML parser that processes user-supplied input without sufficient validation. The vulnerability note, however, stated that upgrading Zoho ManageEngine ADAudit Plus to the latest build would be enough to plug the security gap.
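The following is an added example, not part of the article or of the Cert-In notes: a small inventory check that flags GitLab and ADAudit Plus installations below the fixed releases named above. It assumes each GitLab fix version is the patch for its own release branch (15.1, 15.0, 14.10), that older branches have no fix, and that ADAudit Plus reports an integer build; the product labels, hostnames and sample versions are constructed.

```python
import re

# Fixed releases named in the article: GitLab branch (major, minor) -> first
# patched patch level, and the first fixed ADAudit Plus build.
GITLAB_FIXED = {(15, 1): 1, (15, 0): 4, (14, 10): 5}
ADAUDIT_FIXED_BUILD = 7060


def parse_gitlab_version(text):
    """Return (major, minor, patch) from strings like '15.0.3' or '14.10.5-ee'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(p) for p in m.groups())


def gitlab_is_affected(text):
    major, minor, patch = parse_gitlab_version(text)
    branch = (major, minor)
    if branch in GITLAB_FIXED:
        return patch < GITLAB_FIXED[branch]
    # Assumption: a branch with no fixed release listed is affected if it is
    # older than the newest patched branch; newer branches are not flagged.
    return branch < max(GITLAB_FIXED)


def adaudit_is_affected(build):
    return int(str(build).strip()) < ADAUDIT_FIXED_BUILD


def audit(inventory):
    """Return the (host, product, version) entries below the fixed release."""
    checks = {"gitlab": gitlab_is_affected, "adaudit-plus": adaudit_is_affected}
    return [(h, p, v) for h, p, v in inventory if p in checks and checks[p](v)]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("git-01", "gitlab", "15.1.0-ee"),
    ("git-02", "gitlab", "15.0.4"),
    ("git-03", "gitlab", "14.9.5"),
    ("git-04", "gitlab", "14.10.5-ce.0"),
    ("ad-01", "adaudit-plus", "7055"),
    ("ad-02", "adaudit-plus", "7060"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is below the fixed release")
```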