Microsoft’s August Patch Tuesday updates are out, and they address a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications. Microsoft Patch’s Tuesday, August 2024 edition addressed 102 vulnerabilities, including nine critical and 77 important severity vulnerabilities. In this month’s updates, Microsoft has addressed six actively exploited vulnerabilities, along … Continue reading “Microsoft Patch Tuesday, August 2024 Security Update Review”
Author: Diksha Ojha
Elasticsearch Kibana Arbitrary Code Execution Vulnerability (CVE-2024-37287)
Kibana, a data visualization tool, released a patch to address a critical severity flaw that may allow an attacker to perform arbitrary code execution on target systems. Tracked as CVE-2024-37287, the vulnerability has a CVSS score of 9.9.
Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)
Apache OFBiz is vulnerable to a pre-authentication flaw that can lead to remote code execution. Tracked as CVE-2024-38856, the vulnerability has a critical severity rating with a CVSS score of 9.8. SonicWall has discovered and reported the vulnerability to Apache. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code remotely, leading … Continue reading “Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)”
Acronis Cyber Infrastructure Critical Vulnerability Exploited in the Wild (CVE-2023-45249)
An authentication bypass vulnerability in the Acronis Cyber Infrastructure is being exploited in the wild. Tracked as CVE-2023-45249, this vulnerability has a critical severity rating and a CVSS score of 9.8. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on vulnerable systems. An attacker may exploit the vulnerability … Continue reading “Acronis Cyber Infrastructure Critical Vulnerability Exploited in the Wild (CVE-2023-45249)”
Progress Telerik Report Server Insecure Deserialization Vulnerability (CVE-2024-6327)
Progress addressed a critical severity vulnerability impacting the Telerik Report Server. Tracked as CVE-2024-6327, the vulnerability has a CVSS score of 9.9. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to complete system compromise. The vulnerability originates from an insecure deserialization flaw.
Cisco Secure Email Gateway Arbitrary File Write Vulnerability (CVE-2024-20401)
Cisco addressed a critical severity vulnerability in the Cisco Secure Email Gateway. Tracked as CVE-2024-20401, the vulnerability may allow an attacker to replace any file on the underlying file system.
Oracle Critical Patch Update, July 2024 Security Update Review
Oracle released its third quarterly edition of Critical Patch Update, which contains patches for 386 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In the third quarterly Oracle Critical Patch Update, Oracle Communications received … Continue reading “Oracle Critical Patch Update, July 2024 Security Update Review”
GitLab Releases Patches to Address Multiple Vulnerabilities (CVE-2024-6385)
GitLab rolled out a series of patches to address six vulnerabilities in its software development platform, one of which is rated as critical. Tracked as CVE-2024-6385, the vulnerability is rated as critical with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow an attacker to run pipeline jobs as an arbitrary user.
Microsoft Patch Tuesday, July 2024 Security Update Review
July’s Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Let’s discover the highlights from Microsoft’s Patch Tuesday updates for July 2024. Microsoft Patch Tuesday’s July 2024 edition addressed 142 vulnerabilities, including five critical and 134 important severity vulnerabilities. In this month’s security updates, Microsoft has … Continue reading “Microsoft Patch Tuesday, July 2024 Security Update Review”
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2024-20399)
Cisco has released patches to address a zero-day vulnerability exploited in April. Tracked as CVE-2024-20399, the vulnerability impacts Cisco NX-OS Software. Successful exploitation of the vulnerability could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. Cybersecurity firm Sygnia reported the vulnerability to Cisco along with the information about … Continue reading “Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2024-20399)”