EU-CERT

TitleDescriptionDate
2024-092: Critical Vulnerability in Veeamopen in new windowOn September 5, 2024, Veeam disclosed a critical remote code execution (RCE) vulnerability tracked as CVE-2024-40711, affecting Veeam Backup & Replication (VBR). This flaw allows unauthenticated attackers to execute arbitrary code on vulnerable systems (CVSS score: 9.8). VBR is a target for ransomware attacks, as it plays a key role in enterprise data protection.Friday, September 06, 2024 12:10:44 PM CEST
2024-091: High Severity Vulnerability in VMware Fusion for MacOSopen in new windowOn September 3, 2024, Broadcom disclosed a high-severity vulnerability in VMware Fusion, which could allow attackers to execute arbitrary code on macOS systems.Wednesday, September 04, 2024 09:49:34 AM CEST
2024-090: Multiple Vulnerabilities in Cisco NX-OS Softwareopen in new windowOn August 28, Cisco released patches for multiple vulnerabilities affecting its NX-OS software, primarily used in Nexus switches. The most severe of these is a high-severity denial-of-service (DoS) vulnerability in the DHCPv6 relay agent, which could allow an unauthenticated remote attacker to cause targeted devices to reload repeatedly, leading to a DoS condition. Additionally, several medium-severity vulnerabilities were addressed, including issues that could allow privilege escalation and unauthorised code execution.Monday, September 02, 2024 09:40:58 AM CEST
2024-089: Critical Vulnerability in SonicWall SonicOSopen in new windowOn August 23, 2024, SonicWall issued a security advisory regarding a critical access control vulnerability (CVE-2024-40766) in its SonicOS. This flaw could allow attackers to gain unauthorised access to resources or cause the firewall crash.Tuesday, August 27, 2024 10:04:41 AM CEST
2024-088: Chrome ZeroDay Vulnerabilitiesopen in new windowA critical zero-day vulnerability, CVE-2024-7971, has been identified and patched in Google Chrome. This marks the ninth such vulnerability discovered in 2024. The flaw, which has been actively exploited in the wild, is rooted in a type confusion issue within Chrome's V8 JavaScript engine. This vulnerability allows attackers to potentially execute arbitrary code on affected systems.Tuesday, August 27, 2024 10:52:26 AM CEST
2024-085: Multiple Vulnerabilities in Moodleopen in new windowOn August 19, 2024, Moodle released a security advisory addressing sixteen vulnerabilities of various severities.Wednesday, August 21, 2024 02:19:29 PM CEST
2024-084: High Severity Vulnerabilities in F5 Productsopen in new windowOn August 14, 2024, F5 released a security advisory addressing nine vulnerabilities in their products. Four of these vulnerabilities have been classified as high severity due to their potential to facilitate session hijacking and to lead to Denial-of-Service (DoS) attacks.Wednesday, August 21, 2024 02:17:39 PM CEST
2024-083: Palo Alto Cortex XSOAR CommonScripts Critical Vulnerabilityopen in new windowOn August 14, 2024, Palo Alto Networks released a security advisory for a critical command injection vulnerability, CVE-2024-5914, in Cortex XSOAR. This flaw allows unauthenticated attackers to execute arbitrary commands within the context of an integration container, potentially compromising the system. The vulnerability affects the product's CommonScripts Pack and is rated as high severity with a CVSS score of 9.0.Tuesday, August 20, 2024 11:15:07 AM CEST
2024-082: Zabbix Server Critical Arbitrary Code Execution Vulnerabilityopen in new windowOn August 13, 2024, a critical vulnerability, CVE-2024-22116, was disclosed in Zabbix Server, allowing attackers with restricted administrative permissions to execute arbitrary code. The flaw, identified in the Ping script execution within the Monitoring Hosts section, can compromise the entire infrastructure. The vulnerability carries a CVSS score of 9.9.Friday, August 16, 2024 10:46:49 AM CEST
2024-081: SolarWinds Web Help Desk Critical Remote Code Execution Vulnerabilityopen in new windowOn August 14, 2024, SolarWinds disclosed a critical remote code execution (RCE) vulnerability, CVE-2024-28986, affecting all versions of their Web Help Desk (WHD) software. The vulnerability, caused by a Java deserialization flaw, allows attackers to execute arbitrary commands on the affected system. The vulnerability has a CVSS score of 9.8.Friday, August 16, 2024 10:41:49 AM CEST
2024-080: Multiple Critical Vulnerabilities in Microsoft Productsopen in new windowOn August 13, 2024, Microsoft addressed 89 vulnerabilities in its August 2024 Patch Tuesday update, including ten zero-day vulnerabilities. This Patch Tuesday also fixes six critical vulnerabilities.Wednesday, August 14, 2024 04:09:11 PM CEST