Posts for category: Vulnerabilities Weekly Summaries

CVE-2014-2120 Exploited a Decade Later

Executive Summary On December 2, 2024, Cisco disclosed on their security advisory page that a vulnerability first discovered on March 18, 2014 was actively being exploited in the wild.  The ...

Oracle Agile PLM Vulnerability

Executive Summary On November 18, 2024, Oracle disclosed in a security advisory that they had discovered a vulnerability in their Agile Product Lifecycle Management (PLM) Framework.  The ...

HPE Critical RCE Vulnerability

Executive Summary On November 11, 2024, Hewlett Packard Enterprise (HPE) released a security patch to address several critical vulnerabilities impacting their Aruba Networking Access Point ...

Synology NAS Zero-Day Vulnerability

Executive Summary On November 1, 2024, it was publicly disclosed that Synology’s NAS devices contained a critical vulnerability which was easily exploitable.  The Critical Zero-Click ...

Continued Exploit of SonicWall Vulnerability in Ransomware Attacks

Executive Summary On August 21, 2024, SonicWall disclosed in a security advisory a vulnerability relating to its SonicOS management access and SSLVPN services, providing threat actors with ...

VMware Heap Overflow Vulnerability

Executive Summary On October 21, 2024, VMware released an updated security advisory revealing that a vulnerability previously disclosed in September 2024 was not completely addressed as initially ...

Kubernetes Image Builder Vulnerability

Executive Summary On October 15, 2024, it was disclosed by NIST that the software application, Kubernetes, had a critical vulnerability (CVE-2024-9486) in relation to its Image Builder ...

Microsoft Management Console Remote Code Execution Vulnerability

Executive Summary On October 7, 2024, Microsoft released a security patch relating to the zero-day Microsoft Management Console Remote Code Execution (RCE) Vulnerability, CVE-2024-43572, on its ...

NVIDIA Container Toolkit Vulnerability

Executive Summary On September 25, 2024, NVIDIA released a disclosure of a vulnerability relating to its Container Toolkit (CVE-2024-0132) which had been discovered by Wiz Research.  This ...

Windows Defender Vulnerability: Path Traversal

Executive Summary On April 9, 2024, CVE-2024-29053, a critical vulnerability affecting Microsoft Defender for IoT, a security solution designed for protecting internet-connected devices, was found ...