Announcements

Progress WhatsUp Gold Security Update – 27 June 2024

Progress has released a security update to address several vulnerabilities affecting WhatsUp Gold 23.1.2 and all older versions. The addressed vulnerabilities could allow a remote attacker to bypass security restrictions, perform denial-of-service attacks, gain elevated privileges, obtain sensitive information, upload arbitrary files, or execute arbitrary code and gain access to the affected system. […]


Fortra Security Update – 27 June 2024

Fortra has released a security update to address several vulnerabilities in multiple Fortra products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, bypass security restrictions, or manipulate data and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276): CVSS: 9.8


MOVEit Transfer Security Update – 26 June 2024

MOVEit Transfer has released security updates to address a critical vulnerability across multiple versions of Progress MOVEit Transfer. The addressed vulnerability could allow the remote attacker to bypass authentication because of inadequate authentication measures. Progress MOVEit Transfer Authentication Bypass Vulnerability (CVE-2024-5806): CVSS: 9.1; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None


Trellix Security Updates – 23 June 2024

Trellix has released a security update to fix multiple vulnerabilities across Trellix Intrusion Prevention System. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information or execute arbitrary code and gain access to the affected system. The addressed vulnerabilities: 1. Trellix Intrusion Prevention System Manager Code Execution Vulnerability (CVE-2024-5671): CVSS: 9.8; Attack Vector:


VMware Security Update – 23 June 2024

VMware has released a security update to address several vulnerabilities in multiple VMware products, including VMware vCenter Server and VMware Cloud Foundation. The addressed vulnerabilities could allow the attacker to gain elevated privileges, or execute arbitrary code and gain access to the affected system by sending a specially crafted packet. Sample of the addressed vulnerabilities:


Adobe Security Updates – 13 June 2024

Adobe has released security updates to fix multiple vulnerabilities across several Adobe products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, escalate privileges, obtain sensitive information, trigger denial-of-service attacks, or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe Commerce and Magento


Veeam Security Update – 11 June 2024

Veeam has released a security update to fix a critical vulnerability across Veeam Recovery Orchestrator. The addressed vulnerability could allow the remote attacker to gain access to the VRO web UI with administrative privileges in the affected system. Veeam Recovery Orchestrator Gain Access Vulnerability (CVE-2024-29855): CVSS: 9; Attack Vector: Network; Attack Complexity: High; Privileges Required:


PHP Security Updates – 10 June 2024

PHP has released security updates to fix several vulnerabilities across multiple PHP versions (8.1, 8.2, 8.3). The addressed vulnerabilities could allow the attacker to bypass security restrictions, execute arbitrary code, and gain access to the affected product by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. PHP Code Execution Vulnerability (CVE-2024-4577): CVSS:


OpenSSL Security Update – 29 May 2024

OpenSSL has released a security update to fix a critical vulnerability across multiple OpenSSL versions. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected systems by sending a specially crafted request. OpenSSL Code Execution Vulnerability (CVE-2024-4741): CVSS: 9.8; Attack Vector: Network; Attack Complexity: Low; Privileges Required:


SolarWinds Security Updates – 22 May 2024

SolarWinds has released security updates to address several vulnerabilities across multiple SolarWinds products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, overwrite arbitrary files, perform cross-site scripting attacks, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. SolarWinds Access Rights Manager Code Execution (CVE-2024-28075):


Veeam Security Updates – 22 May 2024

Veeam has released security updates to fix several vulnerabilities across multiple Veeam products. The addressed vulnerabilities could allow the attacker to obtain sensitive information or gain elevated privileges to the affected products. Sample of the addressed vulnerabilities: Veeam Backup Enterprise Manager Privilege Escalation Vulnerability (CVE-2024-29849): CVSS: 9.8; Attack Vector: Network; Attack Complexity: Low; Privileges


Ivanti Security Updates – 22 May 2024

Ivanti has released security updates to fix multiple vulnerabilities across Ivanti products. The addressed vulnerabilities could allow the attacker to conduct denial of service attacks, obtain sensitive information, perform cross-site scripting attacks, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti EPM Core Server SQL Injection


Aruba Security Updates – 15 May 2024

Aruba has released security updates to fix multiple vulnerabilities affecting ArubaOS and InstantOS. The addressed vulnerabilities could allow the attacker to obtain sensitive information, perform denial-of-service attacks, manipulate data, or execute arbitrary code and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Aruba InstantOS/ArubaOS PAPI Buffer Overflow Vulnerability (CVE-2024-


Intel Security Updates – 15 May 2024

Intel has released security updates to address several vulnerabilities in multiple Intel products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or perform denial-of-service attacks on the affected products. Samples of the addressed vulnerabilities: 1. Intel Neural Compressor Software Privilege Escalation Vulnerability (CVE-2023-39425): CVSS: 10; Attack Vector: Network


VMware Security Update – 15 May 2024

VMware has released a security update to address multiple vulnerabilities in VMware Workstation and Fusion. The addressed vulnerabilities could allow the attacker to overflow a buffer, obtain sensitive information, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. VMware Workstation and Fusion Vbluetooth Code Execution (CVE-2024-22267): CVSS:


SAP May 2024 Security Patch Day

SAP has released security updates to address several vulnerabilities affecting multiple SAP products such as SAP Business Client, SAP Commerce, SAP NetWeaver Application Server ABAP and ABAP Platform, SAP BusinessObjects, SAP S/4HANA (Document Service Handler for DPS), My Travel Requests, SAP Replication


Microsoft May 2024 Patch Tuesday

Microsoft has released its monthly set of security updates, known as Patch Tuesday. This release addresses three actively exploited zero-day vulnerabilities. Microsoft has fixed 61 vulnerabilities, with 1 classified as critical, as it could allow the attacker to execute arbitrary code, including remote code execution, and gain access to the affected products. May’s Patch Tuesday


Aruba Security Update – 02 May 2024

Aruba has released a security update to fix multiple vulnerabilities affecting several Aruba products. The addressed vulnerabilities could allow the unauthenticated remote attacker to perform denial of service attacks, or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. HPE ArubaOS Remote Code Execution Vulnerability (CVE-2024-26305): CVSS: 9.8
