Ivanti has released the following three security advisories addressing vulnerabilities in multiple products.
Security Advisory Ivanti Avalanche (Multiple CVEs) – Q4 2024 Release Ivanti Avalanche is a mobile device management solution and is used to remotely manage, deploy software, and schedule updates for enterprise mobile devices. Successful exploitation of five of the vulnerabilities could lead to denial-of-service (DoS) and one vulnerability could lead to information disclosure. All are rated with a CVSSv3 score of 7.5. Ivanti reports there is no known exploitation of these vulnerabilities.
Read more…
Source: NHS Digital
Related:
- Nvidia releases security update for high-severity graphics driver vulnerabilities
January 8, 2021
Nvidia has released a round of security fixes tackling high-severity issues in the Nvidia GPU display driver and vGPU software. Released on Thursday, the technology giant said the patches deal with issues that “may lead to denial of service, escalation of privileges, data tampering, or information disclosure.” In total, Nvidia has resolved 16 vulnerabilities linked to the ...
- Windows PsExec zero-day vulnerability gets a free micropatch
January 7, 2021
A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft’s Windows PsExec management tool is now available through the 0patch platform. PsExec is a fully interactive telnet-replacement that allows system admins to execute programs on remote systems. PsExec tool is also integrated into and used by enterprise tools to remotely launch executables on other ...
- DHS orders federal agencies to update SolarWinds Orion platform
December 30, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all US federal agencies to update the SolarWinds Orion platform to the latest version by the end of business hours on December 31, 2020. CISA’s Supplemental Guidance to Emergency Directive 21-01 demands this from all agencies using Orion versions unaffected in the SolarWinds supply chain attack. “We issued ...
- Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome
December 15, 2020
A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardware running on its own Apple processors. In total, six high-severity flaws ...
- Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
November 10, 2020
Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft’s 17 critical patches were tied to RCE bugs. In all, 112 vulnerabilities were patched by Microsoft, with 93 rated important, and two rated low in severity. Tracked as CVE-2020-17087, one Windows kernel local elevation ...
- Apple Patches Bugs Tied to Previously Identified Zero-Days
November 6, 2020
Apple has patched three previously identified zero-day vulnerabilities in its iPhone, iPod and iPad devices potentially related to a spate of related flaws recently discovered by the Google Project Zero team that also affect Google Chrome and Windows. Apple this week released iOS 14.2 and iPadOS 14.2, which patch a total of 24 vulnerabilities—including the three ...