Citrix has rolled out security updates to fix two zero-day vulnerabilities in the NetScaler ADC and NetScaler Gateway appliances.

One of the flaws (CVE-2023-6548) is a code injection issue within the management interface, which can be exploited by a remote authenticated hacker for remote code execution via a specially crafted request.

The second zero-day, tracked as CVE-2023-6549, a buffer overflow issue that can be used to trigger a denial of service (DoS). A remote attacker can send specially crafted packets to the system, trigger memory corruption and perform a denial of service (DoS) attack. Successful exploitation of this vulnerability requires that the device be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAAvirtualserver.

The flaws affect the following products:

• NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases

• NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1

• NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0

• NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS

• NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS

• NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP

“Exploits of these CVEs on unmitigated appliances have been observed,” Citrix noted in a security advisory, urging customers to install updated versions of NetScaler ADC and NetScaler Gateway as soon as possible.

Separately, Google released security updates for its Chrome browser to patch several high-risk vulnerabilities, including a zero-day bug actively exploited in the wild.

Tracked as CVE-2024-0519, the zero-day flaw is described as a buffer overflow issue affecting the V8 JavaScript and WebAssembly engine, which can be exploited for remote code execution. Google withheld additional information on the nature of the attacks the vulnerability was exploited in to prevent further abuse.

The company has also patched two high-severity issues that could lead to remote code execution (CVE-2024-0517 and CVE-2024-0518).

Last but not least, VMware and Atlassian warned customers of dangerous vulnerabilities in Aria Automation and Confluence Data Center and Server, respectively.

The Confluence bug (CVE-2023-22527), which is rated critical, is a template injection issue that permits remote code execution. The flaw impacts out-of-date versions of Confluence Data Center and Server (8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0-8.5.3). It was fixed in versions 8.5.4, 8.5.5 (Confluence Data Center and Server), 8.6.0, 8.7.1, and 8.7.2 (Data Center only).

The VMware Aria Automation vulnerability (CVE-2023-34063) is an improper access control issue which, if exploited, could allow an authenticated attacker to gain unauthorized access to remote organizations and workflows. The impacted versions include VMware Aria Automation (8.11.x, 8.12.x, 8.13.x, and 8.14.x) VMware Cloud Foundation (4.x and 5.x).

There's no indication that the bugs have been exploited in the wild.