
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, November 16, 2024.
GitLab fixes High severity vulnerability CVE-2024-9693
GitLab has released patches to address a high-severity vulnerability that could grant unauthorized access to Kubernetes clusters.
The most serious vulnerability, tracked as CVE-2024-9693 with a CVSS score of 8.5, allows unauthorized access to the Kubernetes agent within a cluster under specific configurations……
CISA adds Palo Alto flaws to KEV Catalog
The US CISA has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog.
The first vulnerability, CVE-2024-9463 (CVSS score 9.9, CWE-78), is an OS command injection flaw in Palo Alto Networks’ Expedition tool, which could allow attackers to execute arbitrary code on the affected system.
The second vulnerability, CVE-2024-9465, with a CVSS score of 9.2 and CWE-89, is an SQL injection vulnerability in the same Expedition tool. This flaw allows attackers to manipulate database queries, potentially stealing, modifying, or deleting sensitive data……
Citrix addresses NetScaler Vulnerabilities CVE-2024-8534 and CVE-2024-8535
Citrix has warned about two vulnerabilities affecting NetScaler ADC and NetScaler Gateway, products that provide application delivery and security services, that could allow attackers to disrupt services or gain unauthorized access to sensitive information.
The first vulnerability, tracked as CVE-2024-8534 with a CVSS v4.0 score of 8.4, is a memory safety vulnerability that could lead to memory corruption and denial of service. The second vulnerability, tracked as CVE-2024-8535 with a CVSS v4.0 score of 5.8, is an authentication bypass vulnerability that could allow an authenticated user to access unintended capabilities……
Fortinet fixes FortiClient VPN Flaw CVE-2024-47574
Fortinet has patched a vulnerability in the FortiClient VPN application that potentially allows an attacker to escalate privileges, execute code and possibly take over the box, and delete log files.
The vulnerability is tracked as CVE-2024-47574, with a CVSS score of 7.8, and affects FortiClient Windows versions 7.4.0, 7.2.4 through 7.2.0, 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0……
Ivanti Addressed Multiple Vulnerabilities as part of November 2024 advisories
Ivanti has released a trove of security updates as part of its November 2024 security advisory. The most critical vulnerability in EPM, CVE-2024-50330 with a CVSS score of 9.8, is a SQL injection flaw that could allow a remote unauthenticated attacker to achieve RCE.
The most critical vulnerabilities in CSA, CVE-2024-38655, CVE-2024-38656, CVE-2024-39710, CVE-2024-39711, CVE-2024-39712, CVE-2024-11007, CVE-2024-11006, and CVE-2024-11005, all tracked with a CVSS score of 9.1, are critical argument injection and command injection flaws that could allow a remote authenticated attacker with admin privileges to achieve RCE……
This brings us to the end of this week-in-review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, and Instagram.


Useful post.