Posts for category: Vulnerabilities Weekly Summaries

VMware Heap Overflow Vulnerability

Kalani Anderson - 10/25/2024

Executive Summary On October 21, 2024, VMware released an updated security advisory revealing that a vulnerability previously disclosed in September 2024, was not completely addressed as initially ...

Kubernetes Image Builder Vulnerability

Kalani Anderson - 10/18/2024

Executive Summary On October 15, 2024, it was disclosed by NIST that the software application, Kubernetes, had a critical vulnerability (CVE-2024-9486) in relation to its Image Builder ...

Microsoft Management Console Remote Code Execution Vulnerability

Kalani Anderson - 10/11/2024

Executive Summary On October 7, 2024, Microsoft released a security patch relating to the zero-day Microsoft Management Console Remote Code Execution (RCE) Vulnerability, CVE-2024-43572, on its ...

NVIDIA Container Toolkit Vulnerability

Kalani Anderson - 10/4/2024

Executive Summary On September 25, 2024, NVIDIA released a disclosure of a vulnerability relating to its Container Toolkit (CVE-2024-0132) which had been discovered by Wiz Research.  This ...

Windows Defender Vulnerability: Path Traversal

Joshua Bourns - 5/3/2024

Executive Summary On April 9, 2024, CVE-2024-29053, a critical vulnerability affecting Microsoft Defender for IoT, a security solution designed for protecting internet-connected devices was found ...

MacOS Vulnerability: Use After Free

Joshua Bourns - 5/3/2024

Executive Summary On March 28, 2024, CVE-2023-42950, a critical vulnerability in macOS that affects Safari and potentially other WebKit-based browsers was rediscovered. This vulnerability allows ...

Splunk Vulnerabilities Discovered

Joshua Bourns - 5/3/2024

Executive Summary Recently, two vulnerabilities affecting Splunk Enterprise were discovered. Splunk is a popular software platform for data ingestion, indexing, and analysis: CVE-2024-29946 and ...

Microsoft Edge Vulnerability: Information Disclosure

Joshua Bourns - 5/3/2024

Executive Summary On February 23, 2024, Microsoft disclosed a vulnerability (CVE-2024-26192) affecting Microsoft Edge (Chromium-based). This vulnerability allows attackers to potentially disclose ...

Zoom Vulnerability: Escalation of Privileges

Joshua Bourns - 3/28/2024

Executive Summary On February 8th, 2024, Zoom disclosed a critical vulnerability (CVE-2024-24691) affecting their Windows desktop client, VDI client, Rooms client, and Meeting SDK. This ...

Microsoft Exchange Vulnerability

Autumn Gamble - 10/18/2022

Executive Summary Microsoft Exchange 2019 Cumulative Update 23 and earlier versions are vulnerable to a server-side request forgery (SSRF) attack and remote code execution. An authenticated attacker ...