Mozilla warns about the active exploitation of a vulnerability impacting Firefox and the Firefox Extended Support Release (ESR). Tracked as CVE-2024-9680, the vulnerability has a critical severity rating with a CVSS score of 9.8. Damien Schaeffer from ESET discovered and reported the vulnerability to Mozilla. CVE-2024-9680 is a use after free vulnerability in the Animation … Continue reading “Mozilla Firefox and Firefox ESR Use-After-Free Zero-day Vulnerability (CVE-2024-9680)”
Microsoft Patch Tuesday, October 2024 Security Update Review
Microsoft has rolled out its October 2024 Patch Tuesday updates, offering vital security fixes for IT professionals to implement. With several critical vulnerabilities patched, this release highlights the ongoing need for regular maintenance and attention to security. Microsoft Patch’s Tuesday, October 2024 edition addressed 121 vulnerabilities, including three critical and 114 important severity vulnerabilities. In … Continue reading “Microsoft Patch Tuesday, October 2024 Security Update Review”
CUPS Printing Systems Remote Code Execution Vulnerability (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, & CVE-2024-47177)
CUPS, an open-source printing system, is vulnerable to multiple unauthenticated remote code execution vulnerabilities tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. The vulnerabilities affect all GNU/Linux systems. Successful exploitation of the vulnerabilities may allow a remote attacker to execute arbitrary code on a target system without valid credentials or prior access. Organizations like Canonical and … Continue reading “CUPS Printing Systems Remote Code Execution Vulnerability (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, & CVE-2024-47177)”
Broadcom Releases Patch for vCenter Server Multiple Vulnerabilities (CVE-2024-38812 & CVE-2024-38813)
VMware vCenter is vulnerable to two security vulnerabilities, tracked as CVE-2024-38812 & CVE-2024-38813. One vulnerability (CVE-2024-38812) has been given a critical severity rating that may allow an attacker to perform remote code execution. The second vulnerability (CVE-2024-38813) may result in privilege escalation.
GitLab Addressed Authentication Bypass Vulnerability in Community Edition (CE) and Enterprise Edition (EE) (CVE-2024-45409)
GitLab released an update to address a vulnerability in the Community Edition (CE) and Enterprise Edition (EE). Tracked as CVE-2024-45409, the vulnerability has a critical severity rating with a CVSS score of 10. The vulnerability originates from the Ruby SAML library used in multiple GitLab CE/EE versions. The omniauth-saml versions before 2.2.0 and ruby-saml versions before … Continue reading “GitLab Addressed Authentication Bypass Vulnerability in Community Edition (CE) and Enterprise Edition (EE) (CVE-2024-45409)”
Ivanti Patches Multiple Vulnerabilities Impacting Endpoint Manager (EPM)
Ivanti released security updates to 16 security vulnerabilities of varying severities. Ten of these vulnerabilities are given a critical severity rating, while two are rated high and four are rated medium. Successful exploitation of the vulnerabilities could lead to unauthorized access to the EPM core server.
GitLab Patches Multiple Vulnerabilities impacting Community Edition (CE) and Enterprise Edition (EE)
GitLab released a security advisory to address 18 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). One of these vulnerabilities tracked as CVE-2024-6678, is given a critical severity rating with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an attacker to trigger a pipeline as an arbitrary user.
Microsoft Patch Tuesday, September 2024 Security Update Review
Microsoft’s September Patch Tuesday updates are out, addressing a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications. Microsoft Patch’s Tuesday, September 2024 edition addressed 79 vulnerabilities, including six critical and 71 important severity vulnerabilities. In this month’s updates, Microsoft has addressed four zero-day vulnerabilities known to be exploited … Continue reading “Microsoft Patch Tuesday, September 2024 Security Update Review”
Cisco Patches Identity Services Engine (ISE) Vulnerability with Public Exploit Code (CVE-2024-20469)
Cisco warned its customers about a security flaw impacting the Cisco Identity Services Engine (ISE), which has a publicly available exploit code. Tracked as CVE-2024-20469, the vulnerability may allow an attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. Rafal Lykowski and Alexandre Labbé of A1 Digital International … Continue reading “Cisco Patches Identity Services Engine (ISE) Vulnerability with Public Exploit Code (CVE-2024-20469)”
Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication
Veeam released a security advisory to address six vulnerabilities of varying severities. Successful exploitation of the vulnerabilities may allow remote attackers to execute arbitrary code, leading to possible system compromise. One of the six vulnerabilities tracked as CVE-2024-40711 has a critical severity rating with a CVSS score of 9.8. The vulnerability may allow an attacker … Continue reading “Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication”
