Vulnerabilities

SonicWall released security updates to fix a critical flaw in its firewalls. If exploited, this flaw could give unauthorized access to malicious actors. The vulnerability is known as CVE-2024-40766 and has a CVSS score of 9.3. It is an access control issue. “An improper access control vulnerability has been identified …

Dell Technologies identified a security vulnerability in Dell Power Manager (DPM), in versions 3.15.0 and older. The vulnerability, named CVE-2024-39576, allows a low-privileged attacker with local access to execute code and gain higher privileges. Vulnerability Details: Lefteris Panos from LRQA Nettitude found the vulnerability in Dell Power Manager. This vulnerability …

CISA warned about two important vulnerabilities in Dahua IP cameras and related products. Though these vulnerabilities were discovered in 2021, CISA has now added them to its catalog “based on evidence of active exploitation.” CISA stated that Dahua IP cameras and related products have authentication bypass vulnerabilities. Attackers can bypass …

GitHub has fixed three security flaws in its Enterprise Server product. One of these flaws was critical and allowed an attacker to gain administrative privileges. The most severe issue is called CVE-2024-6800. It has a CVSS score of 9.5. “On GitHub Enterprise Server instances that use SAML single sign-on (SSO) …

Mandiant has found a new vulnerability in Azure Kubernetes Services (AKS) called “WireServing.” This flaw could have let attackers increase their privileges in a compromised cluster and access sensitive credentials without authorization. Kubernetes is a complex platform known for security challenges. A vulnerability in AKS clusters using “Azure CNI” and …

The US Cybersecurity and Infrastructure Security Agency (CISA) has included a vulnerability in SolarWinds Web Help Desk, known as CVE-2024-28986 (with a CVSS score of 9.8), in its catalog of Known Exploited Vulnerabilities (KEV). This week, SolarWinds fixed a vulnerability in its Web Help Desk solution for customer support. The …

Zimbra Collaboration revealed three new security vulnerabilities identified as CVE-2024-33533, CVE-2024-33535, and CVE-2024-33536, affecting versions 9.0 and 10.0, which could put users at risk of cross-site scripting and local file inclusion attacks. Technical Breakdown of the Vulnerabilities: CVE-2024-33533: The Zimbra webmail admin interface has a vulnerability. It doesn’t properly validate …

IBM has released a security bulletin about several vulnerabilities in its QRadar Suite Software. The company has fixed these vulnerabilities in the most recent software update. IBM QRadar Suite Software is a cybersecurity platform that combines SIEM, SOAR, network traffic analysis, and vulnerability management. It helps in detecting threats, responding …

Palo Alto Networks has warned its users about 34 vulnerabilities in their products and released four security advisories. They haven’t found any attacks yet, but it’s important for users to update their systems quickly. Certain Palo Alto products, specifically PAN-OS and GlobalProtect App, are affected by vulnerabilities. Some of these …

Fortinet has fixed vulnerabilities in its products FortiOS, FortiProxy, FortiPAM, FortiSwitchManager, FortiManager, and FortiAnalyzer. The vulnerabilities could be used to gain unauthorized access and increase privileges, posing a major threat to affected systems. Vulnerability Details: CVE-2022-45862 The graphical user interface (GUI) of FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager was identified as …