Vulnerabilities

Oracle announced 441 new security patches for its April 2024 Critical Patch Update, with over 200 of them fixing flaws that could be exploited by remote, unauthenticated attackers. Oracle’s advisory reported that about 230 unique CVEs were found in Oracle’s April 2024 CPU, with over 30 security patches addressing critical-severity …

Palo Alto Networks released hotfixes to fix a serious security flaw in PAN-OS software, being actively exploited. The CVE-2024-3400 vulnerability has a critical CVSS score of 10.0. It is a command injection flaw in the  globalProtect feature that allows an unauthenticated attacker to run any code with root privileges on …

The Bitdefender GravityZone Update Server is vulnerable to server-side request forgery (SSRF) because of an incorrect regular expression. Bitdefender’s GravityZone: Bitdefender’s GravityZone Update Server has a critical vulnerability with a CVSS score of 8.1. It could allow an attacker remote network access to compromise the server with low privileges. Bitdefender …

Palo Alto Networks released security updates to high severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – A vulnerability in the PAN-OS software of Palo Alto Networks allows remote attackers to reboot hardware firewalls. Continuous attacks can lead to a DoS situation by …

Microsoft released a patch on Tuesday, April 2024. It includes security updates for 150 flaws and 67 remote code execution bugs. Only three important vulnerabilities were fixed by Patch Tuesday. However, there are more than sixty-seven remote code execution bugs. The majority of these bugs are located in Microsoft SQL …

SonicWall Capture Labs found a vulnerability with the Artica Proxy appliance. This vulnerability affects over 100K servers globally. Artica Proxy is a proxy solution that performs tasks like web filtering, SSL inspection, and bandwidth management. SonicWall has developed measures to mitigate the vulnerability. There is a security vulnerability called CVE-2024-2054 …

The writing is first published to medium where Henry N. Caga wrote about how he find out Google’s vulnerability and achieved hall of fame recognition. Henry N. Caga wrote I stumbled upon a discovery that sent shockwaves through my system: an XSS (Cross-Site Scripting) vulnerability lurking within one of Google’s …

Security researchers created a demonstration of a critical flaw in Fortinet’s FortiClient Enterprise Management Server (EMS) software. The security flaw CVE-2023-48788 is an SQL injection in the DB2 Administration Server (DAS) discovered and reported by the UK’s National Cyber Security Centre (NCSC). It impacts FortiClient EMS versions 7.0 (7.0.1-7.0.10) and …

Only 13% of organizations in the UK are resilient to cyber-attacks, while the majority are either vulnerable (48%) or at high risk (39%) of experiencing damaging cyber-incidents. This information comes from a new report by Microsoft in collaboration with the University of London. The tech giant said that the UK’s …

No vulnerabilities being exploited this month- Microsoft’s security update for February 2024. March’s Patch Tuesday is not as severe as previous months. It addresses 60 vulnerabilities, with only two labeled as “critical.” In comparison, last month had over 70 security vulnerabilities. January and December had even fewer vulnerabilities, particularly when compared …