Wiz observes exploitation in the wild of PAN-OS vulnerabilities
Detect and mitigate CVE-2024-0012 and CVE-2024-9474, PAN-OS vulnerabilities which Wiz Threat Research has observed being exploited in-the-wild. Organizations should patch urgently.
#Vulnerabilities
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Everything you need to know
Detect and mitigate CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177 vulnerabilities impacting CUPS and IPP packages.
Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments
Critical severity vulnerability CVE-2024-0132 affecting NVIDIA Container Toolkit and GPU Operator presents high risk to AI workloads and environments.
RCE vulnerability in OpenSSH: everything you need to know
Detect and mitigate CVE-2024-6387, a remote code execution vulnerability in OpenSSH. Organizations are advised to patch urgently.
Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations
Wiz Research discovered CVE-2024-37032, an easy-to-exploit Remote Code Execution vulnerability in the open-source AI Infrastructure project Ollama.
Critical RCE vulnerability in PHP CGI: everything you need to know
Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently.
CVE-2024-4040 exploited in the wild: everything you need to know
Detect and mitigate CVE-2024-4040, a critical vulnerability in CrushFTP exploited in the wild. Organizations should patch urgently.
Backdoor in XZ Utils allows RCE: everything you need to know
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgently.
Authentication bypass vulnerabilities in TeamCity: everything you need to know
Detect and mitigate CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), authentication bypass vulnerabilities in JetBrains TeamCity.
February Fortinet Advisory: everything you need to know
Fortinet offers guidance to detect and mitigate CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS and FortiProxy, including guidance that organizations should patch urgently.
Critical Vulnerabilities in Ivanti Exploited in-the-Wild: everything you need to know
Detect and mitigate CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893, critical vulnerabilities in Ivanti VPN products. Organizations should patch urgently, and government agencies are instructed to isolate Ivanti VPN instances.
Leaky Vessels: runC and BuildKit container escape vulnerabilities - everything you need to know
Detect and mitigate “Leaky Vessels”, container escape vulnerabilities affecting runC and BuildKit. Learn how to prioritize patching and detect exploitation attempts in runtime.