SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP
In the constantly changing world of cybersecurity, keeping abreast of vulnerabilities is essential for preserving the integrity of your systems. Recently, F5 has disclosed two significant vulnerabilities: CVE-2024-47139, related to BIG-IQ and CVE-2024-45844 affecting BIG-IP. This blog post will go ...

CVE Research
The Role of Vulnerability Assessment in Achieving Cyber Resilience for U.S. Enterprises
According to reports, the US ranks at the top of the list of countries targeted by attackers. It faces almost 65% of cyberattacks compared to all the other industries in a year. As one of the world’s largest economies, it hosts numerous multinational corporations and critical in...

CVE Research
CVE-2024-9487: GitHub Patches Major Security Flaw in Enterprise Server. Patch Now!
A new critical vulnerability has been found in the GitHub Enterprise Server! CVE-2024-9487, with a staggering CVSS score of 9.5, is a cryptographic signature verification flaw that allows an attacker to gain unauthorized access to vulnerable instances.

CVE Research
Oracle Releases Critical Security Updates October 2024 – Patch Now!
Oracle has released its Critical Patch Update (CPU) for October 2024, containing 334 new security patches across various product families, including Oracle Database Server, Oracle MySQL, Oracle Communications, Oracle E-Business Suite, Oracle Fusion Middleware, and more. This update addresses vulnera...

CVE Research
Critical Vulnerabilities in Windows, CERT-In Warns Users
Microsoft Windows, the world’s most widely used desktop OS, is at risk! The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity alert, warning Windows users in India of several vulnerabilities in Microsoft products and urging them to update their systems immediately.

CVE Research
Adobe Rolls Out Critical Security Updates Across Multiple Products – October 2024
In October 2024, Adobe issued security updates to fix several vulnerabilities in Adobe Substance 3D Painter, Adobe Commerce, Adobe Dimension, Adobe Animate, Adobe Lightroom, Adobe InCopy, Adobe InDesign, Adobe Substance 3D Stager, and Adobe FrameMaker. Cyber attackers could exploit these flaws to ga...

CVE Research
Microsoft Fixes 118 Flaws, 5 Zero Days in October 2024 Patch Tuesday
This month, Microsoft released security updates addressing 118 vulnerabilities, of which 5 were publicly disclosed zero days, and 3 were critical RCE flaws. Two of the zero days are known to have been actively exploited. The chart below offers some insight into the types of vulnerabilities found.

CVE Research
Zimbra Fixes Actively Exploited CVE-2024-45519 Flaw Allowing Unauthorised Code Execution
Zimbra has issued an advisory regarding a critical vulnerability identified as CVE-2024-45519, found in its postjournal service. This flaw has been classified as having a high severity level, allowing unauthenticated users to execute arbitrary commands on vulnerable systems. The vulnerability was f...

