Oracle released the last quarterly edition of this year’s Critical Patch Update. The update contains patches for 334 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In this quarterly Oracle Critical Patch Update, Oracle … Continue reading “Oracle Critical Patch Update, October 2024 Security Update Review”
Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, & CVE-2024-9467)
Palo Alto Networks releases patches to address five security vulnerabilities impacting Palo Alto Networks’ Expedition solution. Successful exploitation may allow attackers to access sensitive data, such as user credentials, to help take over firewall admin accounts. An attacker may also chain the vulnerabilities to hijack PAN-OS firewalls. Palo Alto Networks is unaware of any malicious … Continue reading “Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, & CVE-2024-9467)”
Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Cloud Services Appliance (CVE-2024-9379, CVE-2024-9380, & CVE-2024-9381)
Ivanti released a patch to address three Cloud Services Appliance (CSA) zero-day vulnerabilities actively exploited in attacks. CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381 are high and medium severity vulnerabilities that may allow an attacker with admin privileges to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution. Ivanti mentioned in the advisory, “We are aware … Continue reading “Ivanti Releases Fixes for Multiple Vulnerabilities Impacting Cloud Services Appliance (CVE-2024-9379, CVE-2024-9380, & CVE-2024-9381)”
Mozilla Firefox and Firefox ESR Use-After-Free Zero-day Vulnerability (CVE-2024-9680)
Mozilla warns about the active exploitation of a vulnerability impacting Firefox and the Firefox Extended Support Release (ESR). Tracked as CVE-2024-9680, the vulnerability has a critical severity rating with a CVSS score of 9.8. Damien Schaeffer from ESET discovered and reported the vulnerability to Mozilla. CVE-2024-9680 is a use after free vulnerability in the Animation … Continue reading “Mozilla Firefox and Firefox ESR Use-After-Free Zero-day Vulnerability (CVE-2024-9680)”
Microsoft Patch Tuesday, October 2024 Security Update Review
Microsoft has rolled out its October 2024 Patch Tuesday updates, offering vital security fixes for IT professionals to implement. With several critical vulnerabilities patched, this release highlights the ongoing need for regular maintenance and attention to security. Microsoft Patch’s Tuesday, October 2024 edition addressed 121 vulnerabilities, including three critical and 114 important severity vulnerabilities. In … Continue reading “Microsoft Patch Tuesday, October 2024 Security Update Review”
CUPS Printing Systems Remote Code Execution Vulnerability (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, & CVE-2024-47177)
CUPS, an open-source printing system, is vulnerable to multiple unauthenticated remote code execution vulnerabilities tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. The vulnerabilities affect all GNU/Linux systems. Successful exploitation of the vulnerabilities may allow a remote attacker to execute arbitrary code on a target system without valid credentials or prior access. Organizations like Canonical and … Continue reading “CUPS Printing Systems Remote Code Execution Vulnerability (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, & CVE-2024-47177)”
Broadcom Releases Patch for vCenter Server Multiple Vulnerabilities (CVE-2024-38812 & CVE-2024-38813)
VMware vCenter is vulnerable to two security vulnerabilities, tracked as CVE-2024-38812 & CVE-2024-38813. One vulnerability (CVE-2024-38812) has been given a critical severity rating that may allow an attacker to perform remote code execution. The second vulnerability (CVE-2024-38813) may result in privilege escalation.
GitLab Addressed Authentication Bypass Vulnerability in Community Edition (CE) and Enterprise Edition (EE) (CVE-2024-45409)
GitLab released an update to address a vulnerability in the Community Edition (CE) and Enterprise Edition (EE). Tracked as CVE-2024-45409, the vulnerability has a critical severity rating with a CVSS score of 10. The vulnerability originates from the Ruby SAML library used in multiple GitLab CE/EE versions. The omniauth-saml versions before 2.2.0 and ruby-saml versions before … Continue reading “GitLab Addressed Authentication Bypass Vulnerability in Community Edition (CE) and Enterprise Edition (EE) (CVE-2024-45409)”
Ivanti Patches Multiple Vulnerabilities Impacting Endpoint Manager (EPM)
Ivanti released security updates to 16 security vulnerabilities of varying severities. Ten of these vulnerabilities are given a critical severity rating, while two are rated high and four are rated medium. Successful exploitation of the vulnerabilities could lead to unauthorized access to the EPM core server.
GitLab Patches Multiple Vulnerabilities impacting Community Edition (CE) and Enterprise Edition (EE)
GitLab released a security advisory to address 18 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). One of these vulnerabilities tracked as CVE-2024-6678, is given a critical severity rating with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an attacker to trigger a pipeline as an arbitrary user.