EU-CERT

| Title | Description | Date |
| --- | --- | --- |
| 2024-042: Vulnerability in Cisco Integrated Management Controller | On April 17, 2024, Cisco disclosed vulnerabilities in its Cisco Integrated Management Controller product. | Thursday, April 18, 2024 04:36:20 PM CEST |
| 2024-041: Multiple Vulnerabilities in Ivanti Avalanche MDM | On April 16, 2024, Ivanti disclosed several vulnerabilities in its Avalanche MDM solution, including two critical heap overflow issues allowing unauthenticated remote command execution. | Wednesday, April 17, 2024 11:32:02 AM CEST |
| 2024-040: Vulnerabilities in Atlassian Products | On April 16, 2024, Atlassian released a security advisory addressing 7 high vulnerabilities in Bamboo Data Center, Confluence Data Center, Jira Software Data Center, and Jira Service Management Data Center. | Wednesday, April 17, 2024 11:31:38 AM CEST |
| 2024-039: Critical Putty Client Vulnerability | A critical vulnerability, identified as CVE-2024-31497, affects the PuTTY SSH client. This vulnerability stems from a bias in ECDSA nonce generation when using the NIST P-521 elliptic curve. Attackers can exploit this bias to recover private keys after observing a relatively small number of ECDSA signatures. | Tuesday, April 16, 2024 09:00:16 PM CEST |
| 2024-038: Critical vulnerabilities in Junos OS and Junos OS Evolved | Multiple critical vulnerabilities have been identified in Juniper Networks Junos OS and Junos OS Evolved, primarily related to outdated cURL libraries. These vulnerabilities could allow remote attackers to execute arbitrary code, cause denial of service, or leak sensitive information. | Tuesday, April 16, 2024 08:59:45 PM CEST |
| 2024-037: Critical Vulnerability in PAN-OS software | On April 12, 2024, Palo Alto Networks released a security advisory for a critical vulnerability affecting a feature of PAN-OS software. This vulnerability allows an unauthenticated remote attacker to execute arbitrary code as root on the affected device. | Wednesday, April 17, 2024 11:31:06 AM CEST |
| 2024-036: Vulnerabilities in Fortinet products | On April 11, 2024, Fortinet released multiple advisories regarding high and critical vulnerabilities affecting FortiOS, FortiProxy, FortiClient Mac and FortiClient Linux. | Thursday, April 11, 2024 11:01:43 AM CEST |
| 2024-035: Critical Vulnerability in Rust on Windows | On April 9, 2024, the Rust Security Response WG issued a security advisory regarding a critical vulnerability in the Rust programming environment affecting Windows platforms. This flaw allows command injection attacks via crafted batch file executions with untrusted arguments. | Wednesday, April 10, 2024 11:54:51 AM CEST |
| 2024-034: Multiple Vulnerabilities in Microsoft Products | On April 9, 2024, Microsoft addressed 150 vulnerabilities in its April 2024 Patch Tuesday update, including 67 remote code execution (RCE) vulnerabilities and 2 zero-days exploited in malware attacks. | Wednesday, April 10, 2024 09:45:54 AM CEST |
| 2024-033: Multiple Vulnerabilities in Ivanti Connect Secure | On April 2, 2024, Ivanti addressed critical vulnerabilities in its Connect Secure and Policy Secure products, notably CVE-2024-21894, allowing unauthenticated attackers to perform remote code execution (RCE) and denial of service (DoS) attacks. | Thursday, April 04, 2024 10:34:17 AM CEST |
| 2024-032: Critical Vulnerability in XZ Utils | [Updated] On March 29, several companies issued a warning regarding a backdoor found in the XZ Utils software. XZ Utils is a data compression software and may be present in Linux distributions. The malicious code may allow a Threat Actor, with the right authentication key, to achieve gated pre-auth RCE on affected systems. | Tuesday, April 02, 2024 06:31:14 PM CEST |