CERT-EU - Publications - Security Advisories

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS

Tuesday, November 19, 2024 10:55:57 AM CET

Palo Alto Networks released security updates for two actively exploited zero-day vulnerabilities in Palo Alto Networks PAN-OS. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to gain administrator privileges, or a PAN-OS administrator to perform actions on the firewall with root privileges.
It recommended applying the updates and restricting the access to the management web interface to only trusted internal IP addresses, according to the vendor's best practice deployment guidelines.

2024-116: Microsoft November 2024 Patch Tuesday

Wednesday, November 13, 2024 05:43:08 PM CET

Microsoft's November 2024 Patch Tuesday addresses 91 vulnerabilities, including four zero-day vulnerabilities. Two of these zero-days, CVE-2024-43451 (NTLM Hash Disclosure Spoofing) and CVE-2024-49039 (Windows Task Scheduler Elevation of Privilege), have been actively exploited. These vulnerabilities allow attackers to potentially gain unauthorised access or escalate privileges through minimal user interaction or crafted applications.

2024-115: QNAP NAS Zero-Day Vulnerabilities

Thursday, October 31, 2024 01:18:46 PM CET

On October 29 and 30, 2024, QNAP released patches for two critical zero-day vulnerabilities, CVE-2024-50387 and CVE-2024-50388, affecting NAS devices. These vulnerabilities allow remote attackers to gain root access and execute arbitrary commands on compromised devices.

2024-114: Multiple Critical CISCO Vulnerabilities

Friday, October 25, 2024 12:11:37 PM CEST

A set of critical vulnerabilities affecting Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco Secure Firewall Management Center (FMC) Software, and Cisco Nexus Dashboard Fabric Controller (NDFC) have been identified. These vulnerabilities can potentially allow attackers to conduct various types of attacks, including command injection, remote command execution, arbitrary command execution, and unauthorised access through static credentials due to improper input validation or insecure handling of web services components. Successful exploitation could allow attackers to execute arbitrary commands, gain root-level access through SSH, or gain unauthorised access via static credentials. They obtained CVSS score of 9 out of 10 or more.

2024-113: Critical 0-day Vulnerability in Fortinet FortiManager

Thursday, October 24, 2024 10:56:10 AM CEST

On October 23, 2024, Fortinet released a security advisory addressing a critical 0-day vulnerability in its FortiManager product. If exploited, a remote unauthenticated attacker could execute arbitrary code or commands on the affected device.
It is strongly recommended applying the update. When not possible, it is recommended applying the workaround. In all cases, it is recommended searching for potential compromise.

2024-112: Critical Vulnerability in Kubernetes

Thursday, October 17, 2024 04:37:11 PM CEST

On October 14, 2024, Kubernetes released a security advisory addressing a critical vulnerability affecting the Kubernetes Image Builder project.
It is recommended updating the Kubernetes Image Builder, and redeploying or mitigating Virtual Machines (VMs) created by the vulnerable Kubernetes Image Builder.

2024-111: Multiple Vulnerabilities in Splunk Enterprise and Splunk Cloud

Wednesday, October 16, 2024 09:37:06 AM CEST

On October 14, 2024, Splunk released several advisories addressing multiple high and medium severity vulnerabilities affecting Splunk Enterprise and Splunk Cloud. These vulnerabilities could lead to arbitrary file write to Windows system root directory, access to potentially restricted data and remote code execution.

2024-110: Critical Vulnerability in Ivanti Products

Wednesday, October 16, 2024 09:36:33 AM CEST

On October 8, 2024, Ivanti addressed a critical vulnerability in Ivanti Connect Secure and Ivanti Policy Secure.

2024-109: Critical vulnerabilities in Gitlab

Friday, October 11, 2024 04:26:55 PM CEST

On October 9, 2024, GitLab released an advisory addressing several critical vulnerabilities in GitLab EE/CE affecting versions from 8.16 to 17.4.1.
It is recommended updating affected assets as soon as possible.

2024-108: Palo Alto Critical Vulnerabilities

Friday, October 11, 2024 10:22:58 AM CEST

Palo Alto Networks has disclosed multiple critical vulnerabilities in its Expedition tool that can lead to unauthorised access to firewall credentials and sensitive data, including usernames, passwords, and API keys. The vulnerabilities allow attackers to execute arbitrary commands, read or write files, and exploit SQL injection flaws. Successful exploitation could result in a full takeover of affected systems.

2024-107: Critical Vulnerability in Firefox

Friday, October 11, 2024 10:08:06 AM CEST

On October 9th, 2024, the Mozilla Foundation issued a security advisory regarding a critical use-after-free vulnerability (CVE-2024-9680) in Firefox.

2024-106: Multiple Critical Vulnerabilities in Microsoft Products

Wednesday, October 09, 2024 06:06:57 PM CEST

On October 8, 2024, Microsoft addressed 118 vulnerabilities in its October 2024 Patch Tuesday update, including five zero-day vulnerabilities. This Patch Tuesday also fixes three critical vulnerabilities.

2024-105: Multiple Vulnerabilities in WhatsUp Gold

Monday, September 30, 2024 09:50:00 AM CEST

On September 24, 2024, the WhatsUp Gold team released a security advisory addressing six vulnerabilities of various severities, the most critical reaching the score of 9.8 out of 10.

2024-104: Critical Vulnerability in NVIDIA Container Toolkit

Friday, September 27, 2024 11:47:10 AM CEST

On September 26, 2024, a security advisory was issued regarding a critical vulnerability, CCVE-2024-0132, affecting NVIDIA Container Toolkit. NVIDIA Container Toolkit is providing containerised AI applications with access to GPU resources. This vulnerability impacts any AI application that is running the vulnerable container toolkit to enable GPU support.
This vulnerability could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.

2024-103: Critical Vulnerabilities in CUPS

Friday, September 27, 2024 11:31:45 AM CEST

On September 26, 2024, a security researched released a blog post describing several vulnerabilities in CUPS, one of which being critical, allowing an attacker to replace existing printers' IPP URLs with a malicious one, resulting in a potential arbitrary command execution.

2024-102: Traefik Critical Vulnerability

Tuesday, September 24, 2024 01:48:58 PM CEST

On September 19, 2024, a security advisory was issued regarding a critical vulnerability, CVE-2024-45410, affecting Traefik. This vulnerability could allow an attacker to execute arbitrary commands via crafted HTTP requests, posing a significant risk to exposed services.
Immediate updates are recommended for all affected installations.

2024-101: Critical SAML Authentication Bypass in Gitlab

Thursday, September 19, 2024 02:06:27 PM CEST

On September 17, 2024, GitLab issued a security advisory addressing a critical vulnerability identified in GitLab’s SAML authentication implementation, potentially allowing attackers to bypass authentication. The vulnerability affects the Community Edition (CE) and the Enterprise Edition (EE) instances that utilise SAML for single sign-on (SSO).
It is recommended updating affected servers as soon as possible, and searching for potential successful exploitation of the vulnerability in the logs.

2024-100: Critical RCE Vulnerability in VMware vCenter Server

Tuesday, October 22, 2024 10:43:21 AM CEST

On September 17, 2024, Broadcom released a fix for a critical vulnerability tracked as CVE-2024-38812 in VMware vCenter Server, enabling remote code execution (RCE) via a specially crafted network packet. Following this, on October 21, 2024, Broadcom updated their advisory with additional information about another related vulnerability tracked as CVE-2024-38813.

2024-099: Critical Vulnerabilities in Openshift

Wednesday, September 18, 2024 02:13:00 PM CEST

On 16th of September 2024, two vulnerabilities (CVE-2024-45496 and CVE-2024-7387) have been discovered in Red Hat systems that allow attackers to escalate privileges or execute arbitrary code, impacting system integrity.

2024-098: Command Injection Vulnerability in PaloAlto PAN-OS

Monday, September 16, 2024 02:05:51 PM CEST

On September 11, 2024, a high-severity command injection vulnerability has been addressed in PaloAlto PAN-OS. If exploited, this flaw could allow an authenticated attacker to execute arbitrary commands as root on the firewall.

2024-097: Vulnerabilities in SolarWinds Access Rights Manager

Monday, September 16, 2024 02:05:24 PM CEST

On September 12, 2024, Solarwinds released several advisories addressing two critical vulnerabilities in SolarWinds Access Rights Manager (ARM). These vulnerabilities, if exploited, could lead to authenticated remote code execution, and authentication bypass[2].

2024-096: Vulnerabilities in GitLab

Friday, September 13, 2024 05:05:42 PM CEST

On September 11, 2024, GitLab released a security advisory addressing several vulnerabilities, one of which being critical, allowing an attacker to trigger pipelines as arbitrary users under certain conditions.

2024-095: Critical vulnerabilities in Adobe Products

Thursday, September 12, 2024 04:57:13 PM CEST

On September 10, 2024, Adobe released a security bulletin addressing two critical vulnerabilities affecting its Acrobat products. When exploited, these vulnerabilities could allow an attacker to execute arbitrary code.
A publicly available proof-of-concept exploit exists for one of the vulnerabilities.

2024-094: Critical Vulnerabilities in Ivanti EPM

Wednesday, September 11, 2024 06:46:40 PM CEST

On September 10, 2024, Ivanti addressed several critical and high security vulnerabilities its Endpoint Manager (EPM) product.
It is recommended updating as soon as possible.

2024-093: Multiple Critical Vulnerabilities in Microsoft Products

Wednesday, September 11, 2024 06:46:14 PM CEST

On September 10, 2024, Microsoft addressed 79 vulnerabilities in its September 2024 Patch Tuesday update, including four zero-day vulnerabilities. This Patch Tuesday also fixes seven critical vulnerabilities.

2024-092: Critical Vulnerability in Veeam

Friday, September 06, 2024 12:10:44 PM CEST

On September 5, 2024, Veeam disclosed a critical remote code execution (RCE) vulnerability tracked as CVE-2024-40711, affecting Veeam Backup & Replication (VBR). This flaw allows unauthenticated attackers to execute arbitrary code on vulnerable systems (CVSS score: 9.8). VBR is a target for ransomware attacks, as it plays a key role in enterprise data protection.
Users are advised to update to version 12.2.0.334 as soon as possible.

2024-091: High Severity Vulnerability in VMware Fusion for MacOS

Wednesday, September 04, 2024 09:49:34 AM CEST

On September 3, 2024, Broadcom disclosed a high-severity vulnerability in VMware Fusion, which could allow attackers to execute arbitrary code on macOS systems.

2024-090: Multiple Vulnerabilities in Cisco NX-OS Software

Monday, September 02, 2024 09:40:58 AM CEST

On August 28, Cisco released patches for multiple vulnerabilities affecting its NX-OS software, primarily used in Nexus switches. The most severe of these is a high-severity denial-of-service (DoS) vulnerability in the DHCPv6 relay agent, which could allow an unauthenticated remote attacker to cause targeted devices to reload repeatedly, leading to a DoS condition. Additionally, several medium-severity vulnerabilities were addressed, including issues that could allow privilege escalation and unauthorised code execution.

2024-089: Critical Vulnerability in SonicWall SonicOS

Tuesday, August 27, 2024 10:04:41 AM CEST

On August 23, 2024, SonicWall issued a security advisory regarding a critical access control vulnerability (CVE-2024-40766) in its SonicOS. This flaw could allow attackers to gain unauthorised access to resources or cause the firewall crash.
It is recommended updating as soon as possible.

2024-088: Chrome ZeroDay Vulnerabilities

Tuesday, August 27, 2024 10:52:26 AM CEST

A critical zero-day vulnerability, CVE-2024-7971, has been identified and patched in Google Chrome. This marks the ninth such vulnerability discovered in 2024. The flaw, which has been actively exploited in the wild, is rooted in a type confusion issue within Chrome's V8 JavaScript engine. This vulnerability allows attackers to potentially execute arbitrary code on affected systems.
[New] On August 26, Google announced that it patched the tenth zero-day vulnerability in Chrome. This vulnerability is also reported as being exploited.

2024-085: Multiple Vulnerabilities in Moodle

Wednesday, August 21, 2024 02:19:29 PM CEST

On August 19, 2024, Moodle released a security advisory addressing sixteen vulnerabilities of various severities.
It is recommended updating as soon as possible.

2024-084: High Severity Vulnerabilities in F5 Products

Wednesday, August 21, 2024 02:17:39 PM CEST

On August 14, 2024, F5 released a security advisory addressing nine vulnerabilities in their products. Four of these vulnerabilities have been classified as high severity due to their potential to facilitate session hijacking and to lead to Denial-of-Service (DoS) attacks.

2024-083: Palo Alto Cortex XSOAR CommonScripts Critical Vulnerability

Tuesday, August 20, 2024 11:15:07 AM CEST

On August 14, 2024, Palo Alto Networks released a security advisory for a critical command injection vulnerability, CVE-2024-5914, in Cortex XSOAR. This flaw allows unauthenticated attackers to execute arbitrary commands within the context of an integration container, potentially compromising the system. The vulnerability affects the product's CommonScripts Pack and is rated as high severity with a CVSS score of 9.0.

2024-082: Zabbix Server Critical Arbitrary Code Execution Vulnerability

Friday, August 16, 2024 10:46:49 AM CEST

On August 13, 2024, a critical vulnerability, CVE-2024-22116, was disclosed in Zabbix Server, allowing attackers with restricted administrative permissions to execute arbitrary code. The flaw, identified in the Ping script execution within the Monitoring Hosts section, can compromise the entire infrastructure. The vulnerability carries a CVSS score of 9.9.

2024-081: SolarWinds Web Help Desk Critical Remote Code Execution Vulnerability

Friday, August 16, 2024 10:41:49 AM CEST

On August 14, 2024, SolarWinds disclosed a critical remote code execution (RCE) vulnerability, CVE-2024-28986, affecting all versions of their Web Help Desk (WHD) software. The vulnerability, caused by a Java deserialization flaw, allows attackers to execute arbitrary commands on the affected system. The vulnerability has a CVSS score of 9.8.

2024-080: Multiple Critical Vulnerabilities in Microsoft Products

Wednesday, August 14, 2024 04:09:11 PM CEST

On August 13, 2024, Microsoft addressed 89 vulnerabilities in its August 2024 Patch Tuesday update, including ten zero-day vulnerabilities. This Patch Tuesday also fixes six critical vulnerabilities.

2024-079: Critical SAP Authentication Bypass Vulnerability

Wednesday, August 14, 2024 03:38:09 PM CEST

On August 13, 2024, SAP released a security advisory for a critical authentication bypass vulnerability, CVE-2024-41730, in SAP BusinessObjects Business Intelligence Platform. This flaw allows remote attackers to bypass authentication mechanisms, potentially leading to full system compromise. The vulnerability has a CVSS score of 9.8, highlighting its severity.

2024-078: Ivanti vTM Critical Authentication Bypass Vulnerability

Wednesday, August 14, 2024 01:01:55 PM CEST

On August 13, 2024, Ivanti disclosed a critical authentication bypass vulnerability, CVE-2024-7593, affecting the Ivanti Virtual Traffic Manager (vTM). This flaw allows remote, unauthenticated attackers to bypass authentication and create rogue administrator accounts, posing a significant security risk. The vulnerability is due to an incorrect implementation of the authentication algorithm.

2024-077: Vulnerabilities in Microsoft Office

Monday, August 12, 2024 03:36:04 PM CEST

On August 8, 2024, Microsoft disclosed a high-severity vulnerability tracked as CVE-2024-38200 affecting Office 2016 that could expose NTLM hashes to a remote attacker. This security flaw is caused by an information disclosure weakness that enables unauthorised actors to access protected information.

2024-076: Vulnerabilities in OpenVPN

Monday, August 12, 2024 03:31:53 PM CEST

On March 20, 2024, the OpenVPN community project team disclosed several vulnerabilities, CVE-2024-27459, CVE-2024-24974, CVE-2024-27903 and CVE-2024-1305 that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE).
On August 8, 2024, Microsoft released a writeup for those vulnerabilities.

2024-075: Vulnerabilities in AMD CPUs

Monday, August 12, 2024 03:14:34 PM CEST

On August 9, 2024, AMD disclosed a high-severity vulnerability, CVE-2023-31315 (SinkClose), affecting multiple generations of EPYC, Ryzen, and Threadripper processors. The flaw allows attackers with kernel-level access to gain Ring-2 privileges, potentially installing undetectable malware by modifying System Management Mode (SMM) settings.

2024-074: RADIUS Vulnerability Impacts Cisco Products

Monday, July 29, 2024 07:10:46 PM CEST

A critical vulnerability, identified as CVE-2024-3596, has been discovered in the RADIUS (Remote Authentication Dial-In User Service) protocol, allowing for man-in-the-middle (MitM) attacks that bypass authentication mechanisms. Dubbed the Blast-RADIUS attack, this vulnerability leverages an MD5 collision attack to forge authentication responses, potentially granting unauthorised access to network resources.
In particular multiple CISCO products are impacted by this vulnerability. Other platforms are impacted as well, although the exact severity varies Due to the high severity of this vulnerability, CERT-EU strongly recommends patching as soon as possible.

2024-073: Apache HTTP Server Critical Vulnerabilities

Wednesday, July 24, 2024 02:27:57 PM CEST

On July 23, 2024, Apache issued an advisory about two critical vulnerabilities in its HTTP Server, CVE-2024-40725 and CVE-2024-40898. These vulnerabilities can lead to HTTP request smuggling and SSL client authentication bypass, potentially resulting in unauthorised access and other malicious activities.
It is recommended to update affected systems immediately.

2024-072: Vulnerabilities in Ivanti EPMM

Monday, July 22, 2024 10:34:56 AM CEST

On July 17, 2024, Ivanti released a security advisory addressing several vulnerabilities in its EPMM solution (formerly known as MobileIron). These vulnerabilities could lead to remote code execution, authentication bypass, and sensitive information leakage.
It is recommended updating as soon as possible.

2024-071: Critical Vulnerabilities in SolarWinds Access Rights Manager

Friday, July 19, 2024 07:30:40 PM CEST

On July 18, 2024, SolarWinds issued an advisory addressing multiple critical vulnerabilities in its Access Rights Manager (ARM) software. These vulnerabilities could lead to remote code execution, arbitrary file deletion and sensitive information leakage.
It is recommended updating affected systems immediately.

2024-070: Critical Vulnerabilities in Cisco Products

Thursday, July 18, 2024 06:09:28 PM CEST

On July 17, 2024, Cisco issued several security advisories addressing critical and high severity vulnerabilities in its products. It is strongly recommended applying update on affected devices as soon as possible, prioritising internet facing and business critical devices.

2024-069: Vulnerabilities in Citrix Netscaler

Monday, July 15, 2024 05:41:57 PM CEST

On July 9, 2024, Citrix released a security advisory addressing two vulnerabilities in Citrix NetScaler Console, Agent, and SDX (SVM). The vulnerabilities "CVE-2024-6235" and "CVE-2024-6236" can result in sensitive information disclosure and denial of service.

2024-068: Critical Vulnerabilities in GeoServer and GeoTools

Thursday, July 11, 2024 03:14:25 PM CEST

On July 2, 2024, several critical vulnerabilities were addressed in GeoServer and GeoTools. These vulnerabilities can result in arbitrary code execution through the unsafe evaluation of user-supplied "XPath" expressions.
It is recommended updating as soon as possible.

2024-067: Multiple Vulnerabilities in Microsoft Products

Friday, July 12, 2024 11:43:44 AM CEST

On July 10, 2024, Microsoft addressed 139 vulnerabilities in its July 2024 Patch Tuesday update, including four zero-day vulnerabilities. Two zero-day vulnerabilities are actively exploited. Additionally, five critical vulnerabilities leading to Remote Code Execution have been patched.
It is recommended updating as soon as possible.

2024-066: Critical Vulnerability in OpenSSH

Tuesday, July 09, 2024 05:35:08 PM CEST

On July 1, 2024, a new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed regreSSHion was reported, affecting glibc-based Linux systems. This vulnerability, identified as CVE-2024-6387, allows remote attackers to execute arbitrary code as root due to a signal handler race condition in sshd.

2024-065: Critical Vulnerability in Juniper Networks Products

Monday, July 01, 2024 11:49:52 AM CEST

On June 27, 2024, Juniper Networks issued an advisory about a critical vulnerability, CVE-2024-2973, affecting Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products. This vulnerability allows an attacker to bypass authentication and gain full control of the device, primarily affecting high-availability redundant configurations.
It is recommended to update affected devices immediately.

2024-064: Vulnerabilities in GitLab

Friday, June 28, 2024 07:37:21 PM CEST

On June 26, 2024, GitLab released a security advisory addressing several vulnerabilities, one of which being critical, allowing an attacker to trigger a pipeline as another user under certain circumstances.

2024-063: Critical Vulnerability in MOVEit Transfer

Thursday, June 27, 2024 07:19:13 PM CEST

On June 25, 2024, Progress Software disclosed a critical vulnerability in Progress MOVEit Transfer. This vulnerability allows attackers to bypass authentication and access sensitive data. The vulnerability is actively being exploited, and there is an available proof of concept (PoC).

2024-062: Vulnerabilities in Chrome and Chromium based Browsers

Friday, June 21, 2024 03:27:05 PM CEST

Google has released a critical security update for its Chrome Browser, addressing six high-severity vulnerabilities that could lead to serious security issues. Chromium-based browsers are also impacted.

2024-061: Vulnerabilities in Nextcloud Products

Tuesday, June 18, 2024 06:47:33 PM CEST

On June 14, 2024, Nextcloud released patches for Nextcloud Server and Enterprise Server. A vulnerability was disclosed in Nextcloud server products that allows the bypassing of the second factor of two-factor authentication (2FA).

2024-060: Vulnerabilities in VMware Products

Tuesday, June 18, 2024 06:44:15 PM CEST

On June 17, 2024, VMware released fixes for three vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation. Two of these vulnerabilities are critical. Exploitation these vulnerabilities could allow a malicious actor to execute remote code or escalate privileges on the affected systems.

2024-059: Vulnerability in FortiOS

Monday, June 17, 2024 09:37:54 AM CEST

On June 12, 2024, Fortinet disclosed a high-severity vulnerability identified as CVE-2024-23110 affecting FortiOS. This vulnerability allows an authenticated attacker to execute unauthorised code or commands via specially crafted command line arguments. The issue arises from multiple stack-based buffer overflow security defects in the command line interpreter.
No proof of concept is currently available at the moment, nevertheless CERT-EU strongly recommends patching affected products as soon as possible.

2024-058: Vulnerabilities in PHP

Thursday, June 13, 2024 07:33:40 PM CEST

On June 6, 2024, a critical vulnerability was identified in certain versions of PHP that could allow the execution of arbitrary code or disclosure of sensitive information on Windows systems using Apache and PHP-CGI. The vulnerability is currently being actively exploited, and several proof of concepts are available.

2024-057: Vulnerabilities in JetBrains Products

Wednesday, June 12, 2024 04:09:19 PM CEST

On June 10, JetBrains released a fix for a vulnerability affecting IntelliJ-based IDEs 2023.1+ and JetBrains GitHub Plugin. This vulnerability could lead to disclosure of access tokens to third-party sites.

2024-056: Multiple Vulnerabilities in Microsoft Products

Wednesday, June 19, 2024 03:49:19 PM CEST

On June 11, 2024, Microsoft addressed 58 vulnerabilities in its June 2024 Patch Tuesday update, including one zero-day vulnerability (CVE-2023-50868). This Patch Tuesday also fixes one critical vulnerability (CVE-2024-30080), a Microsoft Message Queuing (MSMQ) remote code execution vulnerability. Finally, worth a mention are a couple of remote code execution vulnerabilities in Microsoft Outlook (CVE-2024-30103) and Windows Wi-Fi Driver (CVE-2024-30078).

2024-055: SolarWinds High-Severity Vulnerabilities

Saturday, June 08, 2024 11:43:12 AM CEST

On the 4th and 5th of June 2024, SolarWinds published four separate security advisories related to high-severity vulnerabilities in multiple products. CERT-EU strongly recommends patching them as soon as possible.

2024-054: Confluence Data Center and Server Remote Code Execution

Friday, June 07, 2024 04:29:06 PM CEST

A critical remote code execution (RCE) vulnerability, CVE-2024-21683, has been discovered in Atlassian's Confluence Data Center and Server. This vulnerability allows authenticated attackers with privileges of adding new macro languages to execute arbitrary code.

2024-053: Zero-day Vulnerability in Check Point Security Gateways

Thursday, May 30, 2024 11:26:17 AM CEST

On May 28, 2024, Check Point issued an advisory about a zero-day vulnerability, CVE-2024-24919, affecting Check Point Security Gateways. This high-severity information disclosure vulnerability can be exploited to gain unauthorised access to sensitive information on systems with remote Access VPN or Mobile Access Software Blades enabled.
It is recommended applying the hotfix and the extra protection measures provided by the vendor on affected devices.

2024-052: Vulnerability in Cisco FMC Software

Tuesday, May 28, 2024 10:53:37 AM CEST

On May 22, Cisco released an advisory regarding an SQL injection vulnerability affecting its Firepower Management Center (FMC) Software. If exploited, this vulnerability could allow an attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root.
It is recommended upgrading affected products.

2024-051: Vulnerabilities in GitLab

Monday, May 27, 2024 11:32:50 AM CEST

On May 22, GitLab has released several versions for GitLab Community Edition (CE) and Enterprise Edition (EE) containing important bug and security fixes. These fixes notably address a vulnerability that would allow an attacker to take accounts over via an XSS vulnerability.
It is strongly recommended upgrading affected versions to the latest version as soon as possible.

2024-050: Multiple Vulnerabilities in Ivanti EPMM

Wednesday, May 22, 2024 07:55:55 PM CEST

On May 15, 2024, Ivanti released a security advisory addressing multiple vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), formally known as MobileIron. An attacker could exploit these flaws to execute arbitrary commands on the appliance.
It is strongly advised updating affected systems to the latest versions to mitigate these risks.

2024-049: Multiple Vulnerabilities in QNAP Products

Wednesday, May 22, 2024 07:54:50 PM CEST

On May 21, 2024, QNAP released a security advisory addressing multiple flaws, including a zero-day vulnerability in the shared feature of QTS. These vulnerabilities could allow remote attackers to execute arbitrary code.
It is strongly advised updating affected systems to the latest versions to mitigate these risks.

2024-048: Critical Vulnerability in Veeam Backup Enterprise Manager

Wednesday, May 22, 2024 07:54:05 PM CEST

On May 21, 2024, Veeam issued fixes addressing multiple security flaws in Veeam Backup Enterprise Manager, including a critical vulnerability allowing unauthenticated attackers to bypass authentication and gain access to the web interface as any user.

2024-047: Critical Vulnerability in GitHub Enterprise Server

Wednesday, May 22, 2024 07:53:23 PM CEST

On May 21, 2024, GitHub disclosed a critical vulnerability in GitHub Enterprise Server (GHES) impacting instances using SAML single sign-on (SSO) with encrypted assertions. This vulnerability allows attackers to forge SAML responses, granting unauthorised administrative access without authentication.
A proof of concept is publicly available. CERT-EU strongly recommends updating as soon as possible.

2024-046: Multiple Vulnerabilities in Git

Wednesday, May 22, 2024 07:48:08 PM CEST

On May 14, 2024, GitHub announced the release of Git version 2.45.1, addressing three critical vulnerabilities impacting multiple platforms, including Windows, macOS, Linux, and BSD. These vulnerabilities could allow for remote code execution and unauthorised file modifications.

2024-045: Multiple Vulnerabilities in Microsoft Products

Thursday, May 16, 2024 04:06:48 PM CEST

On May 16, 2024, Microsoft addressed 61 vulnerabilities in its May 2024 Patch Tuesday update, including two actively exploited zero-days. This Patch Tuesday also fixes one critical vulnerability, a Microsoft SharePoint Server Remote Code Execution Vulnerability.
It is recommended applying updates as soon as possible on affected products.

2024-044: Zero-day Vulnerability in Chrome

Thursday, May 16, 2024 01:23:40 PM CEST

On May 15, 2024, Google has released an advisory addressing nine vulnerabilities, including a new zero-day bug identified as "CVE-2024-4947". It has been reported that this vulnerability is being actively exploited. This is the seventh zero-day vulnerability fixed by Google this year.

2024-043: Vulnerabilities in Cisco ASA and FTD Software

Wednesday, April 24, 2024 09:12:03 PM CEST

On April 24, 2024, Cisco disclosed three vulnerabilities in its management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software product.
Some of these vulnerabilities are currently being exploited[1]. It is recommended upgrading affected products as soon as possible, and checking for possible compromise.

2024-042: Vulnerability in Cisco Integrated Management Controller

Thursday, April 18, 2024 04:36:20 PM CEST

On April 17, 2024, Cisco disclosed vulnerabilities in its Cisco Integrated Management Controller product.
It is recommended upgrading affected products as soon as possible.

2024-041: Multiple Vulnerabilities in Ivanti Avalanche MDM

Wednesday, April 17, 2024 11:32:02 AM CEST

On April 16, 2024, Ivanti disclosed several vulnerabilities in its Avalanche MDM solution, including two critical heap overflow issues allowing unauthenticated remote command execution.
It is recommended updating as soon as possible.

2024-040: Vulnerabilities in Atlassian Products

Wednesday, April 17, 2024 11:31:38 AM CEST

On April 16, 2024, Atlassian released a security advisory addressing 7 high vulnerabilities in Bamboo Data Center, Confluence Data Center, Jira Software Data Center, and Jira Service Management Data Center.
It is recommended updating as soon as possible prioritising internet facing instances.

2024-039: Critical Putty Client Vulnerability

Tuesday, May 14, 2024 03:12:59 PM CEST

A critical vulnerability, identified as CVE-2024-31497, affects the PuTTY SSH client. This vulnerability stems from a bias in ECDSA nonce generation when using the NIST P-521 elliptic curve. Attackers can exploit this bias to recover private keys after observing a relatively small number of ECDSA signatures.

2024-038: Critical vulnerabilities in Junos OS and Junos OS Evolved

Tuesday, April 16, 2024 08:59:45 PM CEST

Multiple critical vulnerabilities have been identified in Juniper Networks Junos OS and Junos OS Evolved, primarily related to outdated cURL libraries. These vulnerabilities could allow remote attackers to execute arbitrary code, cause denial of service, or leak sensitive information.
It is strongly advised to update affected systems to the latest versions to mitigate these risks.

2024-037: Critical Vulnerability in PAN-OS software

Monday, April 29, 2024 12:45:35 PM CEST

On April 12, 2024, Palo Alto Networks released a security advisory for a critical vulnerability affecting a feature of PAN-OS software. This vulnerability allows an unauthenticated remote attacker to execute arbitrary code as root on the affected device.
This vulnerability is being exploited in the wild, and proof-of-concepts have been publicly disclosed by third parties. The vendor is gradually releasing patches for the vulnerable versions since April 14, 2024. However, the patches are not available for all the affected versions yet. In this case, it is highly recommended to apply the mitigation measures, as well as implementing the verification steps suggested by the vendor.

2024-036: Vulnerabilities in Fortinet products

Thursday, April 11, 2024 11:01:43 AM CEST

On April 11, 2024, Fortinet released multiple advisories regarding high and critical vulnerabilities affecting FortiOS, FortiProxy, FortiClient Mac and FortiClient Linux.
It is recommended upgrading affected software as soon as possible.

2024-035: Critical Vulnerability in Rust on Windows

Wednesday, April 10, 2024 11:54:51 AM CEST

On April 9, 2024, the Rust Security Response WG issued a security advisory regarding a critical vulnerability in the Rust programming environment affecting Windows platforms. This flaw allows command injection attacks via crafted batch file executions with untrusted arguments.
It is recommended updating as soon as possible, prioritising assets running code (or one of its dependencies) which executes batch files with untrusted arguments.

2024-034: Multiple Vulnerabilities in Microsoft Products

Wednesday, April 10, 2024 09:45:54 AM CEST

On April 9, 2024, Microsoft addressed 150 vulnerabilities in its April 2024 Patch Tuesday update, including 67 remote code execution (RCE) vulnerabilities and 2 zero-days exploited in malware attacks.
It is recommended applying updates as soon as possible on affected products.

2024-033: Multiple Vulnerabilities in Ivanti Connect Secure

Thursday, April 04, 2024 10:34:17 AM CEST

On April 2, 2024, Ivanti has addressed critical vulnerabilities in its Connect Secure and Policy Secure products, notably CVE-2024-21894, allowing unauthenticated attackers to perform remote code execution (RCE) and denial of service (DoS) attacks.

2024-032: Critical Vulnerability in XZ Utils

Tuesday, April 02, 2024 06:31:14 PM CEST

[Updated] On March 29, several companies issued a warning regarding a backdoor found in the XZ Utils software. XZ Utils is a data compression software and may be present in Linux distributions. The malicious code may allow a Threat Actor, with the right authentication key, to achieve gated pre-auth RCE on affected systems.
It is recommended downgrading XZ Utils to a not compromised version.

2024-031: High Severity Vulnerabilities in Cisco Products

Friday, March 29, 2024 11:49:02 AM CET

On March 27, 2024, Cisco released security updates for fourteen (14) vulnerabilities affecting IOS, IOS XE and Cisco Access Point software. Six (6) high severity vulnerabilities with a CVSS score of 8.6, could allow an unauthenticated, remote attacker to cause denial of service on an affected device.

2024-030: Critical Vulnerabilities in Ivanti Products

Thursday, March 21, 2024 10:19:02 AM CET

On March 20, 2024, Ivanti released fixes for two critical vulnerabilities affecting Ivanti Standalone Sentry and Ivanti Neurons for ITSM. According to Ivanti, there is no evidence of these vulnerabilities being exploited in the wild.
It is recommended upgrading affected software as soon as possible.

2024-029: Vulnerabilities in Atlassian Products

Wednesday, March 20, 2024 01:48:33 PM CET

On March 19, 2024, Atlassian released a security advisory addressing 24 high and critical vulnerabilities, among which a critical severity vulnerability in Bamboo Data Center/Server and a high vulnerability in Confluence Data Center and Server.
It is recommended updating affected products as soon as possible.

2024-028: Vulnerabilities in Fortinet Products

Thursday, March 14, 2024 05:49:32 PM CET

On March 12, 2024, Fortinet released fixes for three vulnerabilities affecting some of their products. The vulnerabilities could allow an unauthenticated attacker to execute unauthorised code or commands via specifically crafted requests.
It is recommended upgrading affected software as soon as possible.

2024-027: Critical Vulnerabilities in Microsoft Products

Wednesday, March 13, 2024 04:10:17 PM CET

On March 12, 2024, Microsoft addressed 60 vulnerabilities in its March 2024 Patch Tuesday update, including 18 remote code execution (RCE) vulnerabilities.
It recommended applying updates as soon as possible on affected products.

2024-026: Vulnerabilities in GitLab

Friday, March 08, 2024 10:11:28 AM CET

On March 6, 2024, GitLab released a security advisory addressing several vulnerabilities that could lead to a security policy bypass and a breach of data confidentiality.

2024-025: Zero-Day Vulnerabilities in Apple Products

Thursday, March 07, 2024 02:13:11 PM CET

On March 5, 2024, Apple released new product versions providing fixes for several vulnerabilities affecting iOS and iPadOS, among which 2 zero-day vulnerabilities already exploited in the wild.
It is recommended updating as soon as possible.

2024-024: Vulnerabilities in VMware Products

Thursday, March 07, 2024 02:12:18 PM CET

On March 5, 2024, VMware released fixes for four vulnerabilities affecting several VMware products. The most serious bugs could allow a malicious actor with local admin privileges on a virtual machine to execute code as the virtual machine’s VMX process running on the host.
It is recommended upgrading affected software as soon as possible.

2024-023: Vulnerabilities in JetBrains TeamCity

Thursday, March 07, 2024 02:10:35 PM CET

On March 4, JetBrains released a fix for two vulnerabilities affecting JetBrains TeamCity CI/CD server. Both vulnerabilities are authentication bypass vulnerabilities. If exploited, the most severe vulnerability allows for a complete compromise of a vulnerable TeamCity server by a remote unauthenticated attacker, including unauthenticated RCE.
It is advised upgrading the software as soon as possible.

2024-022: Vulnerabilities in Adobe products

Thursday, February 29, 2024 06:47:18 PM CET

On February 13, 2024, Adobe released two security advisories addressing multiple high severity vulnerabilities in various Adobe products. If exploited, the vulnerabilities would allow an attacker to cause remote arbitrary code execution, remote denial of service, remote code injection or disclosure of sensitive information.

2024-021: Vulnerabilities in Atlassian Products

Wednesday, February 21, 2024 05:24:33 PM CET

On February 20, 2024, Atlassian released a security advisory addressing a high severity vulnerability in Confluence Data Center and Confluence Server that, if exploited, could allow an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser. The security advisory also addresses 10 other high severity vulnerabilities which have been fixed in new versions of several Atlassian products.

2024-020: Critical Vulnerability in Zoom Products

Thursday, February 15, 2024 10:15:27 AM CET

On February 13, 2024, Zoom released a security advisory addressing one critical vulnerability. If exploited, this vulnerability allows an unauthenticated attacker to conduct privilege escalation on the target system via network access.
It is recommended applying updates as soon as possible.

2024-019: Critical Vulnerabilities in Microsoft Products

Wednesday, February 14, 2024 11:31:11 AM CET

On February 13, 2024, Microsoft released its February 2024 Patch Tuesday advisory, addressing 73 vulnerabilities, two of which are exploited in the wild.
It recommended applying updates as soon as possible on affected products.

2024-018: Critical Vulnerabilities in FortiOS

Friday, February 09, 2024 09:56:16 AM CET

On February 9, 2024, Fortinet released an advisory regarding critical vulnerabilities affecting FortiOS that, if exploited, would allow a remote and unauthenticated to execute code on the affected device.
One of the critical vulnerabilities is potentially being exploited in the wild. It is recommended updating as soon as possible.

2024-017: Critical Vulnerabilites in FortiSIEM

Tuesday, February 06, 2024 09:55:18 PM CET

In February 2024, Fortinet quietly updated a 2023 advisory, joining two critical flows to the list of OS Command vulnerabilities affecting its FortiSIEM product. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to execute commands on the system.
Updating is recommended as soon as possible.

2024-016: High Vulnerability in the runc package

Tuesday, February 06, 2024 09:24:54 PM CET

A critical vulnerability has been identified in all versions of runc package up to and including 1.1.11, affecting Docker, Kubernetes, and other containerisation technologies. This vulnerability, tracked as "CVE-2024-21626" with a CVSS score of 8.6, enables attackers to escape containers and potentially gain unauthorised access to the host operating system.

2024-015: Remote Code Execution Vulnerability in Cisco Products

Monday, January 29, 2024 04:41:07 PM CET

On January 24, 2024, Cisco disclosed a critical vulnerability in multiple the Unified Communications and Contact Center Solutions products. This vulnerability, tracked as "CVE-2024-20253" with a CVSS score of 9.9, could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Currently, Cisco has no evidence of public proof of concept exploits for this vulnerability or active exploitation in the wild.

2024-014: Critical Remote Code Execution Vulnerability in Jenkins

Tuesday, January 30, 2024 10:53:22 AM CET

On January 24, 2024, Jenkins issued fixes for several vulnerabilities, including CVE-2024-23897, a critical vulnerability that could allow an attacker to achieve remote code execution. The advisory published provides detailed information on various attack scenarios, exploitation pathways, descriptions of the fixes, and potential workarounds for those unable to immediately apply the security updates.
Multiple proof-of-concept (PoC) exploits for CVE-2024-23897 are now available.

2024-013: Zero-Day Vulnerability in Apple Products

Wednesday, January 24, 2024 10:57:58 AM CET

On January 22, 20024, Apple issued updates for a zero-day vulnerability identified as "CVE-2024-23222". This vulnerability affects iOS, iPadOS, macOS and tvOS devices and is currently being exploited in the wild. The updates also contain fixes for other vulnerabilities affecting Apple products.
It is recommended updating as soon as possible.

2024-012: Vulnerability in Chrome

Friday, January 19, 2024 05:14:59 PM CET

On January 16, 2024, Google has released an advisory addressing a zero-day vulnerability identified as "CVE-2024-0519", which affects the V8 engine in Google Chromium. This vulnerability allows for out-of-bounds memory access, potentially leading to heap corruption through a crafted HTML page. It has been reported that this vulnerability is being actively exploited.

2024-011: Vulnerability in Wordpress POST SMTP Mailer Plugin

Friday, January 19, 2024 05:14:38 PM CET

On January 10, 2024, an authorisation bypass vulnerability has been discovered in the "POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP" plugin for WordPress. This vulnerability, identified as "CVE-2023-6875" (CVSS score of 9.8)[1], may allow an unauthenticated attacker to reset the API key used to authenticate to the mailer and view logs, including password reset emails on WordPress sites that use this plugin.
This vulnerability could affect sites that have the POST SMTP Mailer plugin installed and configured, which is estimated to be over 300,000 sites.

2024-010: Vulnerabilities in Netscaler ADS and Netscaler Gateway

Thursday, July 18, 2024 10:08:03 AM CEST

On January 16, 2024, Citrix released a security advisory addressing two vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway, specifically "CVE-2023-6548" and "CVE-2023-6549". These vulnerabilities have been actively exploited and require urgent patching.
[New] On July 17, The NHS England National Cyber Security Operations Centre announced that new intelligence provided by CrowdStrike indicates that contrary to Citrix’s initial disclosure, the vulnerability "CVE-2023-6548" does not require user privileges for exploitation.

2024-009: Critical and High Vulnerabilities in Atlassian Products

Wednesday, January 17, 2024 10:00:28 AM CET

On January 16, 2024, Atlassian released a security advisory addressing a critical vulnerability in Confluence Data Center and Confluence Server that, if exploited, could lead to Remote Code Execution (RCE) on the affected server.
The editor also released a security advisory addressing 28 high-severity vulnerabilities which have been fixed in new versions of Atlassian products.

2024-008: Critical Vulnerabilities in Junos OS

Monday, January 15, 2024 10:22:00 AM CET

On January 10, 2024, Juniper released a security advisory addressing a critical vulnerability that, if exploited, could lead to a Denial of Service (DoS), or Remote Code Execution (RCE).
While Juniper SIRT is not aware of any malicious exploitation of this vulnerability, it is recommended upgrading as soon as possible.

2024-007: Critical Vulnerabilities in GitLab

Friday, January 12, 2024 02:50:29 PM CET

On January 11, 2024, GitLab released a security advisory addressing several vulnerabilities, including critical ones that, if exploited, could lead to account takeover, or slack command execution.
It is recommended upgrading as soon as possible.

2024-006: High Vulnerability in FortiOS & FortiProxy

Thursday, January 11, 2024 04:09:26 PM CET

On January 9, 2024, Fortinet disclosed a high vulnerability in FortiOS & FortiProxy. This vulnerability, tracked as "CVE-2023-44250" and with a CVSS score of 8.3, could allow an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests.

2024-005: Critical Vulnerability in Cisco Unity Connection

Thursday, January 11, 2024 04:08:30 PM CET

On January 10, 2024, Cisco disclosed a critical vulnerability in its Unity Connection product. This vulnerability, tracked as "CVE-2024-20272" with a CVSS score of 7.3, could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. Currently, Cisco has no evidence of public proof of concept exploits for this vulnerability or active exploitation in the wild.

2024-004: Critical Vulnerabilities in Ivanti Connect Secure

Friday, February 09, 2024 10:26:56 AM CET

On January 10, 2024, Ivanti has released an advisory about two critical vulnerabilities in Ivanti Connect Secure (ICS) and Policy Secure gateways. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited in the wild and can allow remote attackers to execute arbitrary commands on targeted gateways.
On January 31, 2024, Ivanti has released an advisory about two new critical vulnerabilities in Ivanti Connect Secure (ICS) and Policy Secure gateways. These vulnerabilities are identified as CVE-2024-21888 and CVE-2024-21893. CVE-2024-21893 have been exploited in the wild chained with CVE-2024-21887 and can lead to remote attackers to execute arbitrary commands on targeted gateways.
[New] On February 8, 2024, Ivanti has released an advisory about a new critical vulnerability in Ivanti Connect Secure (ICS) and Policy Secure gateways. The vulnerability tracked as CVE-2024-22024 is a new authentication bypass. While Ivanti claims that this vulnerability was found during their internal review and testing of their code, Watchtowr researchers claim otherwise.

2024-003: Critical Vulnerability in Apache OFBiz

Tuesday, January 09, 2024 10:11:53 AM CET

On December 26, 2023, the Apache OFBiz project released an update addressing a critical vulnerability in Apache OFBiz. The vulnerability allows attackers to bypass authentication, which could lead to remote code execution (RCE).

2024-002: Critical Vulnerability in Ivanti Endpoint Management Software

Monday, January 08, 2024 07:52:25 AM CET

On January 4th, 2024, a critical remote code execution (RCE) vulnerability was fixed in Ivanti's Endpoint Management software (EPM). This vulnerability, tracked as "CVE-2023-39336" (CVSS score : 9.6), allows unauthenticated attackers to hijack enrolled devices or the core server. Ivanti EPM is used to manage client devices across various platforms, including Windows, macOS, Chrome OS, and IoT operating systems. The vulnerability affects all supported versions of Ivanti EPM and has been resolved in version 2022 Service Update 5. The editor also states that no evidence of active exploitation was currently found.

2024-001: Vulnerability in Wordpress Google Fonts Plugin

Monday, January 08, 2024 07:58:33 AM CET

On January 2, 2024, an unauthenticated Stored Cross-Site Scripting (XSS) and directory deletion vulnerability has been discovered in the "OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy." plugin for WordPress. This vulnerability, identified as "CVE-2023-6600" (CVSS score of 8.6)[1], may allow unauthenticated attackers to update the plugin's settings and inject malicious scripts into affected sites.
This vulnerability could affect sites that have the OMGF plugin installed and configured, which is estimated to be over 300,000 sites.