Adobe ColdFusion Arbitrary File System Read Vulnerability (CVE-2024-53961)

Adobe released a security advisory to address a critical severity vulnerability impacting ColdFusion. Tracked as CVE-2024-53961, the vulnerability may allow attackers to read arbitrary files on vulnerable servers. The vulnerability originates from a path traversal flaw that may give attackers unauthorized access and expose data.

Fortinet FortiWLM Unauthenticated Limited File Read Vulnerability (CVE-2023-34990)

Fortinet released a security advisory to address an unauthenticated file read vulnerability in FortiWLM. Tracked as CVE-2023-34990, the vulnerability has a critical severity rating with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to read sensitive files. The vulnerability originates from a path traversal issue that may …

CISA Added Cleo Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-50623 & CVE-2024-55956)

The Cybersecurity & Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog with two vulnerabilities in Cleo Harmony, VLTrader, and LexiCom. Tracked as CVE-2024-50623 & CVE-2024-55956, successful exploitation of these vulnerabilities may lead to remote code execution. CISA urged users to patch the vulnerabilities before January 3, 2025 (CVE-2024-50623) and January 7, 2025 (CVE-2024-55956). Cleo …

Apache Struts2 Remote Code Execution Vulnerability (CVE-2024-53677)

Apache released a security advisory to address a critical severity vulnerability in Struts2. Tracked as CVE-2024-53677, successful exploitation of the vulnerability may allow a remote attacker to execute arbitrary code, leading to critical data loss and possible system compromise.

Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Connect Secure, Policy Secure, Cloud Services Application, and Sentry

Ivanti released its December 2024 security advisory to address nine critical and high severity vulnerabilities across its products, including Ivanti Connect Secure, Policy Secure, Cloud Services Application, and Sentry. Five of these nine vulnerabilities are rated as critical. Ivanti mentioned in the advisory that there was no prior knowledge of any customers being exploited …

Microsoft Patch Tuesday, December 2024 Security Update Review

Closing out 2024, Microsoft’s December Patch Tuesday highlights the importance of year-end maintenance with updates tackling critical vulnerabilities. As cyber threats remain persistent, these patches serve as a vital reminder of the ongoing need for robust system security. The December 2024 edition of Microsoft Patch Tuesday addressed 73 vulnerabilities, including 16 critical and 54 important severity vulnerabilities. …

Progress WhatsUp Gold Remote Code Execution Vulnerability (CVE-2024-8785)

Progress WhatsUp Gold is vulnerable to a critical severity flaw that may allow an attacker to remotely execute code on the affected system. Tracked as CVE-2024-8785, the vulnerability has a CVSS score of 9.8. PoC exploit code for the vulnerability has been made public by the security researchers who discovered it.

Zyxel Firewall Directory Traversal Vulnerability Exploited in Ransomware Attack (CVE-2024-11667)

Zyxel Firewall is vulnerable to a critical vulnerability that is being used in recent cyberattacks. Tracked as CVE-2024-11667, the flaw is being used to deploy the dangerous Helldown ransomware. The German CERT (CERT-Bund) has issued details on the severity of these attacks and the immediate steps that organizations must take to protect their network devices. CVE-2024-11667 is a …