Advisories
Critical Vulnerability in Cisco ASA (CVE-2024-20329)
On October 24th, 2024, Cisco published an advisory regarding a critical vulnerability in their Adaptive Security Appliance (ASA) Software, a core component of their firewall and VPN appliances. The vulnerability is due to insufficient user input validation and can be abused by a remote authenticated attacker to execute arbitrary commands as the root account.
Oct 30, 2024 - 4 Min Read
FortiJump, Critical Vulnerability in FortiManager API (CVE-2024-47575)
On October 23rd, 2024, Fortinet published an advisory regarding active exploitation of the FortiManager platform, a solution used to centrally manage Fortinet products. The advisory discloses a critical severity vulnerability, nicknamed FortiJump.
Oct 23, 2024 - 4 Min Read
Critical Vulnerability in Palo Alto Expedition (CVE-2024-9464 and CVE-2024-9465)
On October 9th, 2024, cyber security firm Horizon3 published a blog post detailing multiple critical vulnerabilities they discovered in Palo Alto’s Expedition product. Expedition is a utility tool that allows Palo Alto clients to migrate firewall configurations from other vendor products to Palo Alto devices.
Oct 11, 2024 - 2 Min Read
Critical Vulnerability in CUPS (CVE-2024-47177)
On September 26th, 2024, an independent researcher disclosed a critical vulnerability in CUPS, a printing software package commonly used in Linux systems. CUPS may be enabled by default on some versions of Linux, meaning a server not intended or used as a printer server may still be vulnerable as a result.
Sep 27, 2024 - 2 Min Read
Critical Vulnerability in Ivanti EPM (CVE-2024-29847)
On September 10th, 2024, Ivanti published an advisory detailing multiple critical severity vulnerabilities in their Endpoint Management (EPM) product. The EPM product manages IT assets, troubleshooting, and deployment of software and operating systems.
Sep 13, 2024 - 2 Min Read
Critical Vulnerability in OpenSSH (CVE-2024-6387)
On July 1st, Qualys Security publicly disclosed details regarding an impactful vulnerability in OpenSSH, an essential software tool used globally for secure network communications and remote system administration. OpenSSH is integral to maintaining confidentiality and control over remote sessions, underpinning a vast array of critical infrastructure across the internet.
Jul 6, 2024 - 6 Min Read
Critical Vulnerability in FileCatalyst Workflow (CVE-2024-5276)
On June 25th, software company Fortra disclosed a critical severity vulnerability in their managed file transfer software application, FileCatalyst Workflow. The vulnerability is being tracked as CVE-2024-5276 which is an SQL Injection vulnerability that allows an attacker to modify application data.
Jun 29, 2024 - 2 Min Read
Critical Vulnerability in MOVEit Transfer (CVE-2024-5806)
On June 25th, software company Progress publicly disclosed a critical severity vulnerability in their managed file transfer software application, MOVEit Transfer. The vulnerability is being tracked as CVE-2024-5806 and allows a remote attacker to bypass authentication and log in as any valid user on the system.
Jun 26, 2024 - 6 Min Read
Multiple Critical Vulnerbailities in Adobe Magento, Commerce, and Commerce Webhooks Plugin
On June 11th, Adobe released a security bulletin covering several vulnerabilities in their Magento, Commerce, and Commerce Webhooks Plugin software. There were ten vulnerabilities, seven of which had a CVSS severity of “critical”, with scores of 8 or above.
Jun 13, 2024 - 2 Min Read
Critical Vulnerability in Outlook (CVE-2024-30103)
On June 11th, cybersecurity firm Morphisec published an article detailing a critical vulnerability in Microsoft Outlook. Successful exploitation of this vulnerability will enable attackers to run arbitrary code by sending a specially designed email.
Jun 12, 2024 - 2 Min Read