Category Archives: Advisories

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

Adobe Experience Manager is an all-in-one software suite used for content and asset management.
Adobe Premiere Pro is a timeline-based and non-linear video editing software application.
Adobe ColdFusion is a rapid development platform for building and deploying web and mobile applications.
Adobe Bridge is used to preview, organize, edit, and publish assets.
Adobe Lightroom is a photo editing and storage application available through the Adobe Creative Cloud.
Adobe Animate is used to create vector graphics and interactive content.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

libvirt-9.7.0-3.fc39

FEDORA-2024-d96cdeb8ec

Packages in this update:

libvirt-9.7.0-3.fc39

Update description:

Fix crash listing interfaces with missing link status attribute (rhbz #2266014)
Fix crash listing interfaces with missized array (CVE-2024-1441)

libvirt-9.0.0-5.fc38

FEDORA-2024-1a59230214

Packages in this update:

libvirt-9.0.0-5.fc38

Update description:

Fix crash listing interfaces with missing link status attribute (rhbz #2266014)
Fix crash listing interfaces with missized array (CVE-2024-1441)

JetBrains TeamCity Authentication Bypass Vulnerabilities (CVE-2024-27198, CVE-2024-27199)

What are the Vulnerabilities?

Two new vulnerabilities affecting the JetBrains TeamCity CI/CD server have been identified and tagged as CVE-2024-27198 and CVE-2024-27199. The more severe of the two, CVE-2024-27198, allows a remote unauthenticated attacker to completely compromise a vulnerable TeamCity server and has been added to CISA’s Known Exploited Vulnerabilities catalog.

What is the Vendor Solution?

On March 3, 2024, JetBrains released TeamCity 2023.11.4 to fix both CVE-2024-27198 and CVE-2024-27199.

What FortiGuard Coverage is available?

FortiGuard Labs has released endpoint vulnerability signatures, which can help detect vulnerable systems and auto-patch where applicable, and has blocked all the known indicators of compromise (IoCs).

FortiGuard Labs recommends that companies review the vendor’s advisory.

Critical Patches Issued for Microsoft Products, March 13, 2024

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

USN-6692-1: Gson vulnerability

It was discovered that Gson incorrectly handled deserialization of untrusted
input data. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service.
