Alerts

Ivanti has released a security update to fix a vulnerability in Ivanti Endpoint Manager (EPM). The addressed vulnerability could allow the attacker to execute arbitrary code and gain elevated privileges to the affected systems. Ivanti Endpoint Manager (EPM) Privilege Escalation (CVE-2024-22058): CVSS: 7.8 Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None […]

F5 has released security updates to address several vulnerabilities in NGINX Plus and NGINX Open Source. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information or perform denial of service attacks on the affected system. Sample of the addressed vulnerabilities: 1. F5 NGINX Plus and NGINX Open Source Denial of Service Vulnerability

Check Point has released security updates to fix a zero-day vulnerability across multiple Check Point products. The addressed vulnerability could allow the remote attacker to gain unauthorized access to sensitive information on the affected systems once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. Check Point Security Gateways

Microsoft has released an updated Microsoft Edge Stable Channel (Version 125.0.2535.67) to address multiple vulnerabilities. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Microsoft Edge Code Execution Vulnerability (CVE-2024-5160):

Google has released an updated Chrome version “125.0.6422.112/.113” for Windows and Mac, and version “125.0.6422.112” for Linux. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Google Chrome Code Execution Vulnerability (CVE-2024-5274): CVSS: 8.8 Attack

Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct denial of service attacks, or manipulate data to view, add, modify, or delete information by sending specially crafted SQL statements to the affected product. Sample of the addressed vulnerabilities: 1.

VMware has released a security update to address several vulnerabilities across multiple VMware products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, cause out-of-bounds read/write flaws, or execute arbitrary code and gain access to the affected system by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. VMware ESXi, Workstation,

Google has released an updated Chrome version “125.0.6422.76/.77” for Windows and Mac, and version “125.0.6422.76” for Linux. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Google Chrome Buffer Overflow

Drupal has released a security update to fix a vulnerability in Drupal’s RESTful Web Services. The addressed vulnerability could allow the remote attacker to bypass security restrictions by sending a specially crafted request to the affected products. Drupal RESTful Web Services Access Bypass (SA-CONTRIB-2024-019): CVSS: 7.5 Attack Vector: Network Attack Complexity: None Privileges Required: None

Tenable has released Nessus version “10.7.3” and Nessus Agent version “10.6.4” to address multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to gain elevated privilege or execute arbitrary code and gain access on the affected system. Sample of the addressed vulnerabilities: 1. Tenable Nessus Code Execution vulnerability (CVE-2024-3290): CVSS: 8.2 Attack Vector: Local Attack

Microsoft has released an updated Microsoft Edge and Extended Stable Channel (Version 124.0.2478.109) to address multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of

Zoom has released security updates to fix several vulnerabilities in multiple products. addressed vulnerabilities could allow the attacker to conduct denial of service attacks, or gain elevated privileges to the affected system by sending a specially crafted request. The addressed vulnerabilities: 1. Zoom Workplace VDI App for Windows Privilege Escalation Vulnerability (CVE-2024-27244): CVSS: 6.7 Attack

Adobe has released security updates to fix multiple vulnerabilities across Adobe Acrobat, and Adobe Reader products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, or execute arbitrary code, and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Adobe Acrobat and Adobe Reader Code Execution (CVE-2024-30284): CVSS: 7.8 Attack

Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct cross-site scripting attacks, gain elevated privileges, or gain access to the affected product. Sample of the addressed vulnerabilities: 1. Cisco Crosswork Network Services Orchestrator Security Bypass (CVE-2024- 20326): CVSS: 7.8

Google has released an updated Chrome version “125.0.6422.60/.61” for Windows and Mac, and version “125.0.6422.60” for Linux. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: