Announcements

SolarWinds Security Updates – 22 May 2024

SolarWinds has released security updates to address several vulnerabilities across multiple SolarWinds products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, overwrite arbitrary files, perform cross-site scripting attacks, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. SolarWinds Access Rights Manager Code Execution (CVE-2024-28075): […]


Veeam Security Updates – 22 May 2024

Veeam has released security updates to fix several vulnerabilities across multiple Veeam products. The addressed vulnerabilities could allow the attacker to obtain sensitive information or gain elevated privileges to the affected products. Sample of the addressed vulnerabilities: Veeam Backup Enterprise Manager Privilege Escalation Vulnerability (CVE-2024-29849): CVSS: 9.8 Attack Vector: Network Attack Complexity: Low Privileges


Ivanti Security Updates – 22 May 2024

Ivanti has released security updates to fix multiple vulnerabilities across Ivanti products. The addressed vulnerabilities could allow the attacker to conduct denial of service attacks, obtain sensitive information, perform cross-site scripting attacks, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti EPM Core Server SQL Injection


Aruba Security Updates – 15 May 2024

Aruba has released security updates to fix multiple vulnerabilities affecting ArubaOS and InstantOS. The addressed vulnerabilities could allow the attacker to obtain sensitive information, perform denial of service attacks, manipulate data, or execute arbitrary code and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Aruba InstantOS/ArubaOS PAPI Buffer Overflow Vulnerability (CVE-2024-


Intel Security Updates – 15 May 2024

Intel has released security updates to address several vulnerabilities in multiple Intel products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or perform denial-of-service attacks on the affected products. Samples of the addressed vulnerabilities: 1. Intel Neural Compressor Software Privilege Escalation Vulnerability (CVE-2023-39425): CVSS: 10 Attack Vector: Network


VMware Security Update – 15 May 2024

VMware has released a security update to address multiple vulnerabilities in VMware Workstation and Fusion. The addressed vulnerabilities could allow the attacker to overflow a buffer, obtain sensitive information, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. VMware Workstation and Fusion Vbluetooth Code Execution (CVE-2024-22267): CVSS:


SAP May 2024 Security Patch Day

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP Business Client, SAP Commerce, SAP NetWeaver Application Server ABAP and ABAP Platform, SAP BusinessObjects, SAP S/4HANA (Document Service Handler for DPS), My Travel Requests, SAP Replication


Microsoft May 2024 Patch Tuesday

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The patch addresses three actively exploited zero-day vulnerabilities. Microsoft has fixed 61 vulnerabilities, with 1 classified as critical because it could allow the attacker to perform remote code execution and gain access to the affected products. May’s Patch Tuesday


Aruba Security Update – 02 May 2024

Aruba has released a security update to fix multiple vulnerabilities affecting several Aruba products. The addressed vulnerabilities could allow the unauthenticated remote attacker to perform denial of service attacks, or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. HPE ArubaOS Remote Code Execution Vulnerability (CVE-2024-26305): CVSS: 9.8


CrushFTP Security Update – 28 April 2024

CrushFTP has released a security update to fix a critical vulnerability in CrushFTP versions below 11.1. The addressed vulnerability could allow the unauthenticated remote attacker to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the affected system. CrushFTP Code Execution Vulnerability


Oracle Security Patch Update – 17 April 2024

Oracle released its critical patch updates for April 2024, containing (441) new security patches for multiple affected products in Oracle code and third-party components. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, performing denial of service attacks, bypassing security restrictions, and gaining access to the affected systems.


Ivanti Security Updates – 17 April 2024

Ivanti has released security updates to fix several vulnerabilities affecting all versions of Ivanti Avalanche before version 6.4.3. The addressed vulnerabilities could allow the remote attacker to conduct denial of service attacks, obtain sensitive information, or execute arbitrary code or commands and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Ivanti


Progress Security Updates – 15 April 2024

Progress has released security updates to address several vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, or execute arbitrary commands on the affected system by sending a specially crafted request. Sample of the addressed vulnerabilities: Progress Flowmon OS Command Execution Vulnerability (CVE-2024-2389): CVSS: 10.0 Attack Vector: Network


Palo Alto Security Updates – 12 April 2024

Palo Alto has released security updates to fix multiple vulnerabilities across several products. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, obtain information, elevate privileges, or perform denial-of-service attacks on the affected products. Sample of the addressed vulnerabilities: 1. Palo Alto OS Command Injection Vulnerability (CVE-2024-3400): CVSS: 10 Attack Vector: Network


Fortinet Security Updates – 10 April 2024

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, and gain access to the affected products by sending specially crafted requests. Sample of the addressed vulnerabilities: 1. FortiClient Linux Remote Code Execution Vulnerability (CVE-2023-45590): CVSS: 9.4 Attack Vector: Network Attack


Linux XZ Utils Security Update – 31 March 2024

Red Hat has warned users to immediately stop using systems running Fedora development and experimental versions because of a vulnerability found in the latest Linux XZ Utils versions 5.6.0 and 5.6.1. The addressed vulnerability could allow the remote attacker to gain unauthorized access to the entire affected system, caused by malicious embedded


Mozilla Firefox Security Updates – 23 March 2024

Mozilla has released an updated Firefox version 124.0.1, and Firefox ESR version 115.9.1 to fix two zero-day vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, and gain access to the affected products by fooling range-based bounds check elimination or injecting an event handler into a privileged object. The addressed vulnerabilities:


Atlassian Security Updates – 22 March 2024

Atlassian has released security updates to address several vulnerabilities across multiple products and third-party components included in Atlassian products. The addressed vulnerabilities could allow the attacker to manipulate data, view, add, modify, or delete information in the back-end database, obtain sensitive information, perform denial of service attacks, or execute arbitrary code and gain access to
