Announcements

Tenable Security Updates – 12 September 2024

Tenable has released security updates to address multiple vulnerabilities in third-party components (OpenSSL and Expat) that are used by Nessus and Nessus Agent. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Libexpat […]

Elasticsearch Kibana Security Update – 11 September 2024

Elasticsearch has released a security update to fix critical vulnerabilities in Kibana versions 8.10.0 to 8.15.0. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code when Kibana attempts to parse a YAML document containing a crafted payload. Sample of the addressed vulnerabilities: Elasticsearch Kibana Remote Code Execution Vulnerability (CVE-2024-37285): CVSS: 9.1 Attack

Ivanti Security Updates – 11 September 2024

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, bypass security restrictions, gain elevated privileges, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Deserialization of Untrusted Data in The Agent Portal

Adobe Security Updates – 11 September 2024

Adobe has released security updates to fix several vulnerabilities across Adobe Acrobat Reader, ColdFusion, and Audition. The addressed vulnerabilities could allow the attacker to trigger denial of service attacks or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe ColdFusion Code Execution Vulnerability (CVE-2024-41874): CVSS: 9.8 Attack

Progress LoadMaster Security Update – 09 September 2024

Progress has released a security update to address a critical vulnerability affecting LoadMaster 7.2.60.0 and all prior versions and Multi-Tenant Hypervisor 7.1.35.11 and all prior versions. The addressed vulnerability could allow the unauthenticated remote attacker to execute arbitrary code, and gain access to the affected LoadMaster’s management interface using a specially crafted HTTP request. Progress

Veeam Security Update – 05 September 2024

Veeam has released a security update to fix several vulnerabilities across multiple Veeam products. The addressed vulnerabilities could allow the attacker to upload malicious files, obtain sensitive information, manipulate data and files, obtain credentials, gain elevated privileges, execute malicious commands, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Veeam VSPC

Cisco Security Updates – 05 September 2024

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or gain elevated privileges to the affected product. Sample of the addressed vulnerabilities: 1. Cisco Smart Licensing Utility Static Credential Vulnerability (CVE-2024-20439): CVSS: 9.8 Attack Vector: Network Attack

Progress WhatsUp Gold Security Update – 01 September 2024

Progress has released a security update to address several vulnerabilities affecting WhatsUp Gold versions before 2024.0.0. The addressed vulnerabilities could allow the remote attacker to perform SQL injection attacks on the affected system by sending specially crafted SQL statements. Sample of the addressed vulnerabilities: 1. Progress Software WhatsUp Gold SQL Injection (CVE-2024-6670): CVSS: 9.8 Attack

Fortra Security Updates – 29 August 2024

Fortra has released security updates to fix multiple vulnerabilities affecting Fortra FileCatalyst Workflow and Fortra GoAnywhere MFT. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform SQL injection attacks, or gain access to the affected system by utilizing the credentials stored in the HSQLDB. Sample of the addressed vulnerabilities: 1. Insecure

SonicWall Security Update – 25 August 2024

SonicWall has released a security update to fix a critical vulnerability in SonicWall SonicOS management access. The addressed vulnerability could allow the remote attacker to gain unauthorized access or, in specific conditions, cause the firewall to crash. SonicWall SonicOS Code Execution Vulnerability (CVE-2024-40766): CVSS: 9.3 Attack Vector: Network Attack Complexity: Low Privileges Required: None User

SolarWinds Security Update – 25 August 2024

SolarWinds has released a security update to fix a vulnerability affecting SolarWinds Web Help Desk. The addressed vulnerability could allow the remote unauthenticated attacker to access internal functionality and modify data on the affected system. Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987): CVSS: 9.1 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction:

SolarWinds Security Updates – 14 August 2024

SolarWinds has released security updates to address a critical vulnerability affecting SolarWinds Web Help Desk 12.8.3 and all previous versions. The addressed vulnerability could allow the remote attacker to execute arbitrary code, run commands on the host machine, and gain access to the affected system. SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability

Adobe Security Updates – 14 August 2024

Adobe has released security updates to fix several vulnerabilities across Adobe Commerce, Acrobat, and Reader. The addressed vulnerabilities could allow the attacker to bypass security restrictions, escalate privileges, perform denial of service attacks, or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe Commerce Code Execution (CVE-2024-39397):

Ivanti Security Updates – 14 August 2024

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, obtain sensitive information, bypass security restrictions, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Ivanti Virtual Traffic Manager (vTM

Tenable Security Updates – 14 August 2024

Tenable has released security updates in Security Center Patch SC-202408.1 to fix multiple vulnerabilities by updating Apache to version 2.4.62 and libcurl to version 8.8.0. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, obtain sensitive information, perform denial of service attacks, or execute arbitrary code and gain access to the affected system.

Report Summary SAP August 2024 Security Patch Day

SAP has released security updates to address several vulnerabilities affecting multiple SAP products such as SAP BusinessObjects Business Intelligence Platform, SAP Build Apps, SAP BEx Web Java Runtime Export Web Service, SAP S/4 HANA, SAP NetWeaver AS Java, SAP Document Builder, SAP Business

Cisco Security Updates – 08 August 2024

Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, conduct cross-site scripting attacks, bypass security restrictions, or execute arbitrary commands at the root privilege level and gain access to the affected system by sending specially crafted HTTP

Aruba Security Updates – 07 August 2024

Aruba has released security updates to fix multiple vulnerabilities affecting several HPE Aruba products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform denial of service attacks, or execute arbitrary commands and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Unauthenticated Stack-Based Buffer Overflow (RCE) in the
