Announcements

Grafana has released security updates to address multiple vulnerabilities affecting several Grafana versions. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: Grafana SQL Expressions Code Execution Vulnerability (CVE-2024-9264): CVSS: 9.9 Attack Vector: Network […]

Oracle released its critical patch updates for October 2024, containing (334) new security patches for multiple affected products in Oracle code and third-party components. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, performing denial of service attacks, conducting cross-site scripting attacks, bypassing security restrictions, gaining elevated privileges,

Palo Alto has released security updatesto fix multiple vulnerabilities across several Palo Alto products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial of service attacks, conduct reflected XSS attacks, obtain sensitive information, bypass security restrictions or execute arbitrary commands, and gain access to the affected systems. Sample of the addressed

Mozilla has released an updated Firefox version 131.0.2, Firefox ESR versions 128.3.1, and 115.16.1 to fix a zero-day vulnerability. The addressed vulnerability could allow the remote attacker to execute arbitrary code in the content process, and gain access to the affected products by exploiting a use-after-free in Animation timelines. Mozilla Firefox Code Execution Vulnerability (CVE-2024-9680):

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, bypass security restrictions, gain elevated privileges, perform a denial of service attack, conduct SQL injection attacks, or execute arbitrary code and gain access to the affected system. Sample of the addressed

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed five zero-day vulnerabilities. Microsoft has fixed (118) vulnerabilities, with (2) classified as critical as they could allow the attacker to execute arbitrary code, gain access, which could result in remote code execution, gain access, and gain elevated privileges

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privilege, perform denial of services attacks, or execute arbitrary commands and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Cisco Nexus Dashboard Fabric Controller Arbitrary

Ivanti has released a security update to fix a critical vulnerability across Ivanti Cloud Services Appliance (CSA) version 4.6. The addressed vulnerability could allow the remote unauthenticated attacker to traverse directories on the system by sending a specially crafted URL request to access restricted functionality and obtain sensitive information. The threat actors could exploit this

VMware has released a security update to address several vulnerabilities across multiple VMware products. The addressed vulnerabilities could allow the attacker to execute buffer overflow attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. VMware vCenter Server Buffer Overflow Vulnerability (CVE-2024-38812): CVSS: 9.8

SolarWinds has released a security update to address multiple vulnerabilities affecting SolarWinds ARM 2024.3 and prior versions. The addressed vulnerabilities could allow the attacker to bypass security restrictions or execute arbitrary code and gain access to the affected system. The addressed vulnerabilities: 1. SolarWinds Access Rights Manager Code Execution (CVE-2024-28991): CVSS: 9 Attack Vector: Adjacent

Tenable has released security updates to address multiple vulnerabilities in third-party components (OpenSSL and Expat) that are used by Nessus, and Nessus Agent. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Libexpat

Elasticsearch has released a security update to fix critical vulnerabilities in Kibana versions 8.10.0 to 8.15.0. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code when Kibana attempts to parse a YAML document containing a crafted payload. Sample of the addressed vulnerabilities: Elasticsearch Kibana Remote Code Execution Vulnerability (CVE-2024-37285): CVSS: 9.1 Attack

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, bypass security restrictions, gain elevated privileges, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Deserialization of Untrusted Data in The Agent Portal

Adobe has released security updates to fix several vulnerabilities across Adobe Acrobat Reader, ColdFusion, and Audition. The addressed vulnerabilities could allow the attacker to trigger denial of service attacks or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe ColdFusion Code Execution Vulnerability (CVE-2024-41874): CVSS: 9.8 Attack

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed four zero-day vulnerabilities. Microsoft has fixed (79) vulnerabilities, with (2) classified as critical as they could allow the attacker to execute arbitrary code, gain access, which could result in remote code execution, gain access, and gain elevated privileges

Progress has released a security update to address a critical vulnerability affecting LoadMaster 7.2.60.0 and all prior versions and Multi-Tenant Hypervisor 7.1.35.11 and all prior versions. The addressed vulnerability could allow the unauthenticated remote attacker to execute arbitrary code, and gain access to the affected LoadMaster’s management interface using a specially crafted HTTP request. Progress

Veeam has released a security update to fix several vulnerabilities across multiple Veeam products. The addressed vulnerabilities could allow the attacker to upload malicious files, obtain sensitive information, manipulate data and files, obtain credentials, gain elevated privileges, execute malicious commands, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Veeam VSPC

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or gain elevated privileges to the affected product. Sample of the addressed vulnerabilities: 1. Cisco Smart Licensing Utility Static Credential Vulnerability (CVE-2024-20439): CVSS: 9.8 Attack Vector: Network Attack

Progress has released a security update to address several vulnerabilities affecting WhatsUp Gold versions before 2024.0.0. The addressed vulnerabilities could allow the remote attacker to perform SQL injection attacks on the affected system by sending specially crafted SQL statements. Sample of the addressed vulnerabilities: 1. Progress Software WhatsUp Gold SQL Injection (CVE-2024-6670): CVSS: 9.8 Attack

Fortra has released security updates to fix multiple vulnerabilities affecting Fortra FileCatalyst Workflow and Fortra GoAnywhere MFT. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform SQL injection attacks, or gain access to the affected system by utilizing the credentials stored in the HSQLDB. Sample of the addressed vulnerabilities: 1. Insecure