NVD disclosure day

Published threat advisories for October 9, 2024

CVE advisory | Known Exploit

CVE-2024-9465

Palo Alto Networks Expedition SQL Injection Leading to Data Exposure.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A SQL injection flaw in Palo Alto Networks Expedition allows unauthenticated attackers to access sensitive database contents, including credentials and configurations, and to manipulate files on the system. This poses a significant risk to organizational security by potentially enabling unauthorized access, data compro

• CISA KEV

CVE advisory | Known Exploit

CVE-2024-9463

Palo Alto Networks Expedition Command Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An OS command injection vulnerability affects Palo Alto Networks Expedition, potentially allowing unauthorized users to execute commands as root. This could expose sensitive firewall data, including credentials and configurations, posing a business risk.

• CISA KEV

CVE advisory | Known Exploit

CVE-2024-9680

Firefox and Thunderbird Code Execution Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Animation timelines allows for code execution, and has been reported as exploited. This impacts specific versions of Firefox and Thunderbird, potentially leading to system compromise and data loss. The realistic business risk is high due to active exploitation.

• CISA KEV