Progress released a patch to address a critical severity vulnerability in Flowman. Tracked as CVE-2024-2389, the vulnerability is given a CVSS base score of 10. Successful exploitation of the vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on a targeted system.
Category: ThreatPROTECT
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Vulnerabilities Exploited in the Wild (CVE-2024-20353 & CVE-2024-20359)
Cisco released software updates to address two actively exploited vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software (CVE-2024-20353 & CVE-2024-20359). Successful exploitation of the vulnerabilities may result in remote code execution and denial of service (DoS) conditions. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, acknowledging … Continue reading “Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Vulnerabilities Exploited in the Wild (CVE-2024-20353 & CVE-2024-20359)”
Ivanti Patches Multiple Vulnerabilities Impacting Avalanche Mobile Device Management Solution (CVE-2024-24996 & CVE-2024-29204)
Ivanti released a security advisory to address 27 medium, high, and critical severity vulnerabilities in its mobile device management solution Avalanche. CVE-2024-24996 and CVE-2024-29204 are the two vulnerabilities that have been given critical severity ratings. Successful exploitation of the vulnerabilities may allow remote attackers to trigger denial-of-service attacks, execute arbitrary commands as SYSTEM, read sensitive … Continue reading “Ivanti Patches Multiple Vulnerabilities Impacting Avalanche Mobile Device Management Solution (CVE-2024-24996 & CVE-2024-29204)”
Oracle Patch Update, April 2024 Security Update Review
Oracle released its second quarterly edition of Critical Patch Update, which contains patches for 441 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In the second quarterly Oracle Critical Patch Update, Oracle Communications received … Continue reading “Oracle Patch Update, April 2024 Security Update Review”
PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400) (Operation MidnightEclipse)
Attackers are exploiting a command injection vulnerability in Palo Alto Networks PAN-OS software. Tracked as CVE-2024-3400, the vulnerability has been given a critical severity rating and a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code with root privileges on the firewall. The vulnerability exists in the … Continue reading “PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400) (Operation MidnightEclipse)”
Rust Standard Library Remote Code Execution Vulnerability (BatBadBut) (CVE-2024-24576)
Rust standard library is vulnerable to a critical severity flaw that can be exploited on Windows targets. Tracked as CVE-2024-24576, the vulnerability has been given a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on a targeted Windows system. The vulnerability is being called BatBadBut.
Fortinet FortiClientLinux Remote Code Execution Vulnerability (CVE-2023-45590)
Fortinet FortiClientLinux is vulnerable to a critical severity flaw being tracked as CVE-2023-45590. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the affected systems. To exploit this improper code injection flaw, an attacker must trick a FortiClientLinux user into visiting a malicious website.
Microsoft Patch Tuesday, April 2024 Security Update Review
Welcome to another insightful dive into Microsoft’s Patch Tuesday! This month’s security updates address a vast number of vulnerabilities in multiple popular products, features, and roles. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday’s April 2024 edition addressed 155 vulnerabilities, including three … Continue reading “Microsoft Patch Tuesday, April 2024 Security Update Review”
Ivanti Neurons for ITSM Authenticated Remote File Write Vulnerability (CVE-2023-46808)
Ivanti Neurons for ITSM is vulnerable to a critical flaw tracked as CVE-2024-46808. Successful exploitation of the vulnerability may allow an attacker to write files to sensitive directories.
Atlassian Bamboo Server and Data Center SQL Injection Vulnerability (CVE-2024-1597)
Atlassian released its Monthly Security Bulletin for March, which addressed 24 high-severity vulnerabilities and one critical-severity vulnerability (CVE-2024-1597). CVE-2024-1597 is a SQL injection vulnerability in the Atlassian Bamboo Server and Data Center. The vulnerability has been given a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability may allow an … Continue reading “Atlassian Bamboo Server and Data Center SQL Injection Vulnerability (CVE-2024-1597)”