Apache released a security advisory to address a critical vulnerability in the Tomcat server. Tracked as CVE-2024-56337, the vulnerability may allow an attacker to perform remote code execution on vulnerable servers.
Author: Diksha Ojha
Adobe ColdFusion Arbitrary File System Read Vulnerability (CVE-2024-53961)
Adobe released a security advisory to address a critical severity vulnerability impacting ColdFusion. Tracked as CVE-2024-53961, the vulnerability may allow attackers to read arbitrary files on vulnerable servers. The vulnerability originates from a path traversal flaw that may lead to providing unauthorized access to attackers and data exposure.
Sophos Patches Multiple Vulnerabilities in Firewall (CVE-2024-12727, CVE-2024-12728, & CVE-2024-12729)
Sophos released a security advisory to address three vulnerabilities impacting Sophos Firewall products. Tracked as CVE-2024-12727, CVE-2024-12728, & CVE-2024-12729, the vulnerabilities may lead to remote code execution and information disclosure.
Fortinet FortiWLM Unauthenticated Limited File Read Vulnerability (CVE-2023-34990)
Fortinet released a security advisory to address an unauthenticated file read vulnerability in FortiWLM. Tracked as CVE-2024-34990, the vulnerability has a critical severity rating with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to read sensitive files. The vulnerability originates from a path traversal issue that may … Continue reading “Fortinet FortiWLM Unauthenticated Limited File Read Vulnerability (CVE-2023-34990)”
CISA Added Cleo Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-50623 & CVE-2024-55956)
Cybersecurity & Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog with two vulnerabilities in Cleo Harmony, VLTrader, and LexiCom. Tracked as CVE-2024-50623 & CVE-2024-55956, successful exploitation of the vulnerability may lead to remote code execution. CISA urged users to patch the vulnerabilities before January 3, 2025 (CVE-2024-50623) and January 7, 2025 (CVE-2024-55956). Cleo … Continue reading “CISA Added Cleo Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-50623 & CVE-2024-55956)”
Apache Struts2 Remote Code Execution Vulnerability (CVE-2024-53677)
Apache released a security advisory to address a critical severity vulnerability in Struts2. Tracked as CVE-2024-53677, successful exploitation of the vulnerability may allow a remote attacker to execute arbitrary code, leading to critical data loss and possible system compromise.
Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Connect Secure, Policy Secure, Cloud Services Application, and Sentry
Ivanti released its December 2024 security advisory to address nine critical and high severity vulnerabilities in its products, such as Ivanti Connect Secure, Policy Secure, Cloud Services Application, and Sentry. Five of these nine vulnerabilities are rated as critical. Ivanti mentioned in the advisory that there was no prior knowledge of any customers being exploited … Continue reading “Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Connect Secure, Policy Secure, Cloud Services Application, and Sentry”
Microsoft Patch Tuesday, December 2024 Security Update Review
Closing out 2024, Microsoft’s December Patch Tuesday highlights the importance of year-end maintenance with updates tackling critical vulnerabilities. As cyber threats remain persistent, these patches serve as a vital reminder of the ongoing need for robust system security. Microsoft Patch Tuesday, December 2024 edition addressed 73 vulnerabilities, including 16 critical and 54 important severity vulnerabilities. … Continue reading “Microsoft Patch Tuesday, December 2024 Security Update Review”
Veeam Service Provider Console Multiple Security Vulnerabilities (CVE-2024-42448 & CVE-2024-42449)
Veeam Service Provider Console is vulnerable to two security flaws tracked as CVE-2024-42448 and CVE-2024-42449. Both vulnerabilities were discovered during the internal testing at Veeam. Successful exploitation of the vulnerabilities may allow an attacker to execute arbitrary code or leak the NTLM hash of the VSPC server service account and delete files on the VSPC … Continue reading “Veeam Service Provider Console Multiple Security Vulnerabilities (CVE-2024-42448 & CVE-2024-42449)”
Progress WhatsUp Gold Remote Code Execution Vulnerability (CVE-2024-8785)
Progress WhatsUp Gold is vulnerable to a critical severity flaw that may allow an attacker to execute remote code on the affected system. Tracked as CVE-2024-8785, the vulnerability has a CVSS score of 9.8. The PoC exploit code for the vulnerability has been made public by the security researchers who discovered the vulnerability.
