Announcements

SonicWall Security Update – 25 August 2024

SonicWall has released a security update to fix a critical vulnerability in SonicWall SonicOS management access. The addressed vulnerability could allow a remote attacker to gain unauthorized access or, in specific conditions, cause the firewall to crash. SonicWall SonicOS Code Execution Vulnerability (CVE-2024-40766): CVSS: 9.3 Attack Vector: Network Attack Complexity: Low Privileges Required: None User […]

SolarWinds Security Update – 25 August 2024

SolarWinds has released a security update to fix a vulnerability affecting SolarWinds Web Help Desk. The addressed vulnerability could allow the remote unauthenticated attacker to access internal functionality and modify data on the affected system. Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987): CVSS: 9.1 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction:

SolarWinds Security Updates – 14 August 2024

SolarWinds has released security updates to address a critical vulnerability affecting SolarWinds Web Help Desk 12.8.3 and all previous versions. The addressed vulnerability could allow the remote attacker to execute arbitrary code, run commands on the host machine, and gain access to the affected system. SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability

Adobe Security Updates – 14 August 2024

Adobe has released security updates to fix several vulnerabilities across Adobe Commerce, Acrobat, and Reader. The addressed vulnerabilities could allow an attacker to bypass security restrictions, escalate privileges, perform denial of service attacks, or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe Commerce Code Execution (CVE-2024-39397):

Ivanti Security Updates – 14 August 2024

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, obtain sensitive information, bypass security restrictions, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Ivanti Virtual Traffic Manager (vTM

Tenable Security Updates – 14 August 2024

Tenable has released security updates in Security Center Patch SC-202408.1 that fix multiple vulnerabilities by updating Apache to version 2.4.62 and libcurl to version 8.8.0. The addressed vulnerabilities could allow a remote attacker to bypass security restrictions, obtain sensitive information, perform denial of service attacks, or execute arbitrary code and gain access to the affected system.

Report Summary SAP August 2024 Security Patch Day

SAP has released security updates to address several vulnerabilities affecting multiple products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP BusinessObjects Business Intelligence Platform, SAP Build Apps, SAP BEx Web Java Runtime Export Web Service, SAP S/4 HANA, SAP NetWeaver AS Java, SAP Document Builder, SAP Business

Cisco Security Updates – 08 August 2024

Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, conduct cross-site scripting attacks, bypass security restrictions, or execute arbitrary commands at the root privilege level and gain access to the affected system by sending specially crafted HTTP

Aruba Security Updates – 07 August 2024

Aruba has released security updates to fix multiple vulnerabilities affecting several HPE Aruba products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform denial of service attacks, or execute arbitrary commands and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Unauthenticated Stack-Based Buffer Overflow (RCE) in the

Progress Telerik Security Update – 29 July 2024

Progress Telerik has released a security update to address a critical vulnerability affecting Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709). The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system. Progress Telerik OS Remote Code Execution Vulnerability (CVE-2024-6327): CVSS: 9.9 Attack Vector: Network

SolarWinds Security Updates – 21 July 2024

SolarWinds has released security updates to address several vulnerabilities affecting SolarWinds Access Rights Manager. information, bypass security restrictions, or execute arbitrary code and gain access to the affected system by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. SolarWinds Access Rights Manager Remote Code Execution Vulnerability (CVE-2024-23469): CVSS: 9.6 Attack Vector: Adjacent

Cisco Security Updates – 18 July 2024

Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the attacker to change the password of the users including administrative users, bypass security restrictions, perform spoofing attacks, cause denial of service attacks, elevate privileges to root, redirect the users to a malicious web page, obtain sensitive

Oracle Security Patch Update – 17 July 2024

Oracle released its critical patch updates for July 2024, containing (386) new security patches for multiple affected products in Oracle code and third-party components. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, performing denial of service attacks, bypassing security restrictions, data manipulation (view, modify, add, delete), executing

Palo Alto Security Updates – 14 July 2024

Palo Alto has released security updates to fix multiple vulnerabilities across several Palo Alto products. The addressed vulnerabilities could allow the attacker to elevate privilege to root access, bypass security restrictions, execute untrusted software without being detected or blocked, and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Palo Alto Expedition

Citrix Security Updates – 10 July 2024

Citrix has released security updates to address several vulnerabilities across multiple Citrix products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, gain privileges, obtain sensitive information, bypass security restrictions, or execute arbitrary code and gain access to the affected system by sending a specially crafted request. Sample of the addressed

Apache Security Update – 02 July 2024

Apache has released a security update to address several vulnerabilities across Apache HTTP Server 2.4.58 and earlier. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, bypass security restrictions, obtain sensitive information, execute arbitrary code, and gain access to the affected system by sending a specially crafted request. Sample of the

OpenSSH Security Update – 01 July 2024

OpenSSH released a security update to fix a vulnerability affecting all versions of OpenSSH between 8.5p1 and 9.7p1. The addressed vulnerability could allow the unauthenticated remote attacker to execute arbitrary code with root privileges and gain access to the affected system by sending specially crafted requests. OpenSSH Code Execution Vulnerability (CVE-2024-6387): CVSS: 9.8 Attack Vector:

Juniper Security Updates – 01 July 2024

Juniper has released security updates to fix a critical vulnerability that affects multiple Juniper products. The addressed vulnerability could allow the remote attacker to bypass security restrictions, bypass authentication, and take full control of the affected products by sending specially crafted requests. Juniper Networks Session Smart Router Security Bypass (CVE-2024-2973): CVSS: 10 Attack Vector: Network
