Alerts

Palo Alto has released security updates to fix multiple vulnerabilities across several Palo Alto products. The addressed vulnerabilities could allow the attacker to elevate privilege to root access, bypass security restrictions, execute untrusted software without being detected or blocked, and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Palo Alto Expedition […]

Citrix has released security updates to address several vulnerabilities across multiple Citrix products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, gain privileges, obtain sensitive information, bypass security restrictions, or execute arbitrary code and gain access to the affected system by sending a specially crafted request. Sample of the addressed

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed four zero-day vulnerabilities. Microsoft has fixed (142) vulnerabilities, with (4) classified as critical as they could allow the attacker to execute arbitrary code, this could result in remote code execution, gain access, and gain elevated privileges to the

Apache has released a security update to address several vulnerabilities across Apache HTTP Server 2.4.58 and earlier. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, bypass security restrictions, obtain sensitive information, execute arbitrary code, and gain access to the affected system by sending a specially crafted request. Sample of the

OpenSSH released a security update to fix a vulnerability affecting all versions of OpenSSH between 8.5p1 and 9.7p1. The addressed vulnerability could allow the unauthenticated remote attacker to execute arbitrary code with root privileges and gain access to the affected system by sending specially crafted requests. OpenSSH Code Execution Vulnerability (CVE-2024-6387): CVSS: 9.8 Attack Vector:

Juniper has released security updates to fix a critical vulnerability that affects multiple Juniper products. The addressed vulnerability could allow the remote attacker to bypass security restrictions, bypass authentication, and take full control of the affected products by sending specially crafted requests. Juniper Networks Session Smart Router Security Bypass (CVE-2024-2973): CVSS: 10 Attack Vector: Network

Progress has released a security update to address several vulnerabilities affecting WhatsUp Gold 23.1.2 and all older versions. The addressed vulnerability could allow the remote attacker to bypass security restrictions, perform denial of services attacks, gain elevated privileges, obtain sensitive information, upload arbitrary files, or execute arbitrary code and gain access to the affected system.

Fortra has released a security update to address several vulnerabilities in multiple Fortra products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, bypass security restrictions, or manipulate data and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276): CVSS: 9.8

MOVEit Transfer has released security updates to address a critical vulnerability across multiple versions of Progress MOVEit Transfer. The addressed vulnerability could allow the remote attacker to bypass authentication because of inadequate authentication measures. Progress MOVEit Transfer Authentication Bypass Vulnerability (CVE-2024-5806): CVSS: 9.1 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None

Trellix has released a security update to fix multiple vulnerabilities across Trellix Intrusion Prevention System. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information or execute arbitrary code and gain access to the affected system. The addressed vulnerabilities: 1. Trellix Intrusion Prevention System Manager Code Execution Vulnerability (CVE-2024-5671): CVSS: 9.8 Attack Vector: