Affected product(s): Description A high-severity vulnerability affecting Palo Alto’s PAN-OS software has been disclosed that could cause a denial of service (DoS) condition on affected devices. The flaw was identified
Affected product(s): CVE-2023-34990: CVE-2024-48782: CVE-2024-48889: Description Several vulnerabilities have been published for Fortinet products that can combine and become critical. Both vulnerabilities affect Fortinet’s Wireless LAN Manager (FortiWLM) software, the
Affected product(s): Additionally, users must make the following configuration changes depending on the version of Java they are running: Description A critical vulnerability has been disclosed in its Tomcat server
The criminal group managing the Fénix botnet has intensified its activities since 2022. This botnet has carried out multiple attacks, primarily targeting the SAT (Tax Administration Service), using phishing and
Description: The vulnerabilities CVE-2024-9486 and CVE-2024-9594, identified in the image creation process in Kubernetes, are due to the use of default credentials that can expose systems to unauthorized access and
Description: The WordPress Jetpack plugin has released a critical security update to address a vulnerability that allowed authenticated users to access forms submitted by other visitors. Jetpack, developed by Automattic,
A new critical vulnerability in GitLabidentified as CVE-2024-9164has been discovered, which allows an attacker to execute pipelines with privileges of other users. This vulnerability affects versions of GitLab Enterprise Edition
Mozilla has released an urgent update for Firefox (version 131.0.2) and Firefox ESR (versions 115.16.1 and 128.3.1) to fix a critical remote code execution vulnerability, CVE-2024-9680. The popular open-source web
Palo Alto Networks has issued a warning about several critical vulnerabilities in its Expedition tool, which is used to migrate firewall configurations. These vulnerabilities allow attackers to take control of
CISA has issued an alert regarding the active exploitation of a critical remote code execution (RCE) vulnerability in Fortinet products, identified as CVE-2024-23113. This vulnerability affects several Fortinet solutions, including
This month, SAP fixed a critical vulnerability in its BusinessObjects platform, identified as CVE-2024-41730. The vulnerability affects the SAP BusinessObjects Business Intelligence Platform, allowing an unauthenticated attacker to perform unsafe
In recent days, Microsoft has released a total of 118 vulnerabilities, including 5 considered Zero-Days: CVE-2024-42827, CVE-2024-42317, CVE-2024-43205, CVE-2024-43341, and CVE-2024-43292, which are reported to be actively exploited. These vulnerabilities
A couple of vulnerabilities have been reported in TeamViewer versions prior to 15.58.4, identified as CVE-2024-7479 and CVE-2024-7481, with a score of 8.8, classifying them as critical. TeamViewer is one
Critical vulnerabilities have been reported in Jenkins, including CVE-2024-47803, CVE-2024-47804, CVE-2024-47805, CVE-2024-47806, and CVE-2024-47807. The last two vulnerabilities are classified as high severity, with a CVSSv3 score of 8.1, while
A critical vulnerability has been reported in the Cisco Nexus Dashboard Fabric Controller (NDFC) product, identified as CVE-2024-20432 with a CVSSv3 score of 9.9, classified as critical. Additionally, within the
Affected Product(s) TeamViewer versions prior to 15.58.4 Description: A high-severity vulnerability has been identified in TeamViewer Remote for Windows, which could allow an attacker with physical access to the device
Affected Product(s): Description: Several critical vulnerabilities have been identified in CUPS (Common UNIX Printing System), affecting various Linux versions, including all versions of Red Hat Enterprise Linux (RHEL), although not
Affected Product(s): Description: This vulnerability allows a remote attacker to execute arbitrary shell commands on the target system. The flaw is due to improper input validation within the postjournal service.
Affected Product(s): Description: A critical vulnerability has been discovered in Apache Tomcat, affecting versions up to 9.0.89, 10.1.24, and 11.0.0-M20. This vulnerability, identified as CVE-2024-38286, is related to the TLS
Affected Product(s): Description: A critical Zero-Day vulnerability, identified as CVE-2024-38014 (CVSS 7.8), has been recently discovered and patched, affecting Microsoft Windows MSI installers. This vulnerability allows for privilege escalation to
Affected Product(s): Description: Veeam recently disclosed a critical remote code execution (RCE) vulnerability identified as CVE-2024-40711. This flaw affects Veeam Backup & Replication (VBR) in versions 12.1.2.172 and earlier. The
Affected Product(s): Description: Ivanti has disclosed a new critical vulnerability in its Cloud Services Appliance (CSA) version 4.6, which was resolved in CSA 4.6 Patch 519, released on September 10.
Affected Product(s): Description: A critical vulnerability has been identified in VMware’s vCenter Server platform, known as CVE-2024-38812, reported by TZL researchers during the Matrix Cup 2024 hacking contest in China.
Affected Product(s): Description: Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that enables centralized device management within an organization. Ivanti has released updates for Ivanti Endpoint Manager 2024
Affected Product(s): Windows Hyper-V Description: In July, the vulnerability CVE-2024-38080 (CVSS 7.8) was disclosed, which affects Windows Hyper-V, Microsoft’s hypervisor used for virtualized environments. This is a privilege escalation (EoP)
Siemens has released a statement regarding the vulnerability CVE-2024-35783, a critical flaw with a CVSS score of 9.4. This vulnerability affects key industrial systems such as SIMATIC PCS 7, SIMATIC
GitLab has publicly disclosed several vulnerabilities affecting both the Community Edition (CE) and Enterprise Edition (EE) in their on-premise implementations, some of which are critical. One of the most notable
Palo Alto Networks has released critical vulnerabilities affecting several products, including PAN-OS, GlobalProtect, Cortex XDR, and Prisma Access. Among the most significant are CVE-2024-8686 with a CVSS score of 8.6
This September, Microsoft addressed a total of 79 vulnerabilities, including 4 Zero-Days: CVE-2024-43491, CVE-2024-38014, CVE-2024-38226, and CVE-2024-38217, all of which were actively being exploited. These affect various products such as
The Elastic team has published two critical vulnerabilities, identified as CVE-2024-37288 and CVE-2024-37285, with CVSS scores of 9.9 and 9.3 respectively, affecting Kibana versions 8.15.1 and earlier. Both vulnerabilities allow
We are a a group of highly trained professionals based in R&D with advanced technical knowledge and experience in the detection, analysis, containment, and recovery of security incidents.
We are a CSIRT, we are Cybolt.
© 2024. Beacon Lab CSIRT, Privacy Policy