OWASP åŽįžŠčæŦčŖä¸įēãä¸åą¤åŽå ¨æŋįåˇčĄæŠåļīŧčŊé˛æĸåˇ˛įĨæŧæ´éå°åŠį¨ããCato éé Cato åŽä¸ééé˛åŧæīŧSPACEīŧä¸įå Ĩäžĩé˛įĻĻįŗģįĩąåą¤é˛čĄčæŦčŖä¸čįãCato įå°åŽļæé¨įŊ˛æ°į IPS čĻåīŧåžčåŋĢééŠææ°į CVEīŧčįĄéåŽĸæļįåčã
Name
CVE
Severity Score
Detect to Protect
Description
CVE-2024-9474 æ¯ PAN-OS čŖįŊŽįŽĄįįļ˛é äģéĸä¸įæŦéæåæŧæ´ãæĒįļčēĢäģŊéŠčįé įĢ¯æģæč īŧå¯äģĨå° CVE-2024-0012 å CVE-2024-9474 æŧæ´ä¸˛č¯čĩˇäžīŧåžčå¨æåæģæį PAN-OS čŖįŊŽä¸į˛åž root æŦéä¸ĻåˇčĄæäģ¤ã
Detection
2024 åš´ 11 æ 18 æĨ
Opt-in Protection
0 * įąæŧéį¨į°Ŋå
Global Protection
0 * įąæŧéį¨į°Ŋå
Name
CVE
Severity Score
Detect to Protect
Description
SolarWinds SERV-U įŽééæˇå 訹ååä¸ĻčŽåä¸ģæŠä¸įæææĒæĄã
Detection
2024 åš´ 6 æ 7 æĨ ä¸å 11:00
Opt-in Protection
0 * įąæŧéį¨į°Ŋå
Global Protection
0 * įąæŧéį¨į°Ŋå
Name
CVE
Severity Score
Detect to Protect
Description
ConnectWise ScreenConnect 23.9.7 åäšåįįæŦåå¨ä¸åčĒčįšéæŧæ´īŧæģæč å¯äģĨééæŋäģŖčˇ¯åžæééįšéčĒčīŧé˛čį´æĨååæŠå¯čŗč¨æééĩįŗģįĩąã
Detection
2024 åš´ 2 æ 21 æĨ
Opt-in Protection
2024 åš´ 2 æ 23 æĨ ä¸å 10:45 UTC
Global Protection
2024 åš´ 2 æ 25 æĨ ä¸å 9:00 UTC
Name
CVE
Severity Score
Detect to Protect
Description
Jenkins 2.441 åäšåįæŦīŧäģĨå LTS 2.426.2 åäšåįæŦīŧæĒįĻį¨å ļ CLI åŊäģ¤č§Ŗæå¨ä¸įä¸ååčŊīŧ芲åčŊæå°åæ¸ä¸į '@' åįŦĻåå ļåžįæĒæĄčˇ¯åžæŋæįēæĒæĄįå §åŽšīŧäŊŋæĒįļčĒčįæģæč čŊå¤ čŽå Jenkins äŧēæå¨æĒæĄįŗģįĩąä¸įäģģææĒæĄã
Detection
2024 åš´ 1 æ 27 æĨ
Opt-in Protection
2024 åš´ 1 æ 28 æĨ ä¸å 9:50
Global Protection
2024 åš´ 1 æ 29 æĨ ä¸å 5:30
Name
CVE
Severity Score
Detect to Protect
Description
Atlassian Confluence äŧēæå¨ččŗæä¸åŋåå¨ä¸åé įĢ¯į¨åŧįĸŧåˇčĄæŧæ´īŧæĒįļčēĢäģŊéŠčįæģæč å¯ééæ¨Ąæŋæŗ¨å Ĩį˛åžé įĢ¯į¨åŧįĸŧåˇčĄįæŦéã
Detection
2024 åš´ 1 æ 22 æĨ
Opt-in Protection
2024 åš´ 1 æ 22 æĨ ä¸å 7:00 UTC
Global Protection
2024 åš´ 1 æ 23 æĨ ä¸å 11:00 UTC
Name
CVE
Severity Score
Detect to Protect
Description
éé Apache Struts 2 įļ˛é æĄæļä¸įæĒæĄä¸åŗéčŧ¯æŧæ´īŧæģæč å¯é˛čĄäģģææĒæĄä¸åŗä¸ĻåˇčĄį¨åŧįĸŧ
Detection
POC å¯į¨ â 2023 åš´ 12 æ 12 æĨ
Opt-in Protection
2023 åš´ 12 æ 12 æĨ
Global Protection
2023 åš´ 12 æ 13 æĨ
Name
CVE
Severity Score
Detect to Protect
Description
éå°įļ˛éįļ˛čˇ¯įæį§č¨åä¸īŧčĨéčĄ IOS XE ä¸åį¨äē HTTP įļ˛é äģéĸåčŊīŧåå¯čŊįŧįæŦéæåæŧæ´
Detection
POC å¯į¨ – 2023 åš´ 10 æ 30 æĨ 20:30 UTC
Opt-in Protection
2023 åš´ 10 æ 31 æĨ 20:00 UTC
Global Protection
2023 åš´ 11 æ 1 æĨ 20:00 UTC
Name
CVE
Severity Score
Detect to Protect
Description
å¨ SOCKS5 äģŖįäŧēæå¨éŖįˇååéį¨ä¸īŧä¸ģæŠåį¨ąč§Ŗæįå įįˇŠčĄåæēĸäŊæŧæ´å¯čŊå°č´å¨æåæģæį libcurl å¯ĻäŊä¸åˇčĄæĄæį¨åŧįĸŧ
Detection
2023 åš´ 10 æ 11 æĨ 6:30 UTC
Opt-in Protection
2023 åš´ 10 æ 11 æĨ 20:00 UTC
Global Protection
2023 åš´ 10 æ 12 æĨ 9:30 UTC
Name
CVE
Severity Score
Detect to Protect
Description
Atlassian Confluence Server č Data Center æŦå°įæŦįæŦéæåæŧæ´īŧæģæč å¯äģĨåŠį¨æåæģæįįĩįĢ¯čŖįŊŽīŧåĩåģēæĒįļææŦįįŽĄįåĄå¸ŗæļä¸Ļį˛åäŧēæå¨ååæŦé
Detection
2023 åš´ 10 æ 4 æĨ 13:00 UTC
Opt-in Protection
2023 åš´ 10 æ 5 æĨ 11:00 UTC
Global Protection
2023 åš´ 10 æ 6 æĨ 12:00 UTC
Name
CVE
Severity Score
Detect to Protect
Description
InProgress įįŽĄįæĒæĄåŗčŧ¸ (MFT) č§ŖæąēæšæĄ MOVEit Transfer åå¨ SQL æŗ¨å Ĩæŧæ´īŧæģæč å¯åˇčĄ SQL åŊäģ¤īŧä¸Ļå¯čŊå°č´åŽčŖå°į¨åžéīŧé˛čå¯Ļįžé įĢ¯į¨åŧįĸŧåˇčĄã
Detection
2023 åš´ 6 æ 6 æĨ ä¸å 8:00
Opt-in Protection
2023 åš´ 6 æ 8 æĨ ä¸å 4:30
Global Protection
2023 åš´ 6 æ 9 æĨ ä¸å 2:00
Name
CVE
Severity Score
Detect to Protect
Description
Microsoft Outlook æåæŦéæŧæ´ * å¨éļæéģīŧCato įé˛įĢįé č¨æå°éå¤é¨į SMB æĩé
Detection
2023 åš´ 3 æ 3 æĨ ä¸å 8:02
Opt-in Protection
2023 åš´ 3 æ 3 æĨ ä¸å 8:02
Global Protection
2023 åš´ 3 æ 3 æĨ ä¸å 8:02
Name
CVE
Severity Score
Detect to Protect
Description
äŊįē ProxyNotShell æģæéįä¸é¨åīŧæäēįæŦį MS Exchange åå¨ RCEīŧé įĢ¯į¨åŧįĸŧåˇčĄīŧ
Detection
2022 åš´ 12 æ 21 æĨ ä¸å 5:00
Opt-in Protection
2022 åš´ 12 æ 21 æĨ ä¸å 11:29
Global Protection
2022 åš´ 12 æ 22 æĨ ä¸å 4:45
Name
CVE
Severity Score
Detect to Protect
Description
Microsoft Outlook æåæŦéæŧæ´
Detection
2022 åš´ 9 æ 30 æĨ ä¸å 1:19
Opt-in Protection
2022 åš´ 9 æ 30 æĨ ä¸å 11:25
Global Protection
2022 åš´ 10 æ 2 æĨ ä¸å 12:40
Name
CVE
Severity Score
Detect to Protect
Description
垎čģ Windows æ¯æ´č¨ēæˇåˇĨå ˇ (MSDT) é įĢ¯į¨åŧįĸŧåˇčĄæŧæ´
Detection
2022 åš´ 8 æ 10 æĨ ä¸å 11:22
Opt-in Protection
2022 åš´ 8 æ 11 æĨ ä¸å 6:38
Global Protection
2022 åš´ 8 æ 12 æĨ ä¸å 4:16
Name
CVE
Severity Score
Detect to Protect
Description
Apache Spark äŊŋį¨č äģéĸæäžäēééč¨åŽé¸é spark.acls.enable åį¨ ACLs įåčŊãéééŠčį¯Šé¸å¨īŧįŗģįĩąææĒĸæĨį¨æļæ¯åĻå ˇåæĨįæäŋŽæšæį¨į¨åŧįååæŦéãåĻæåį¨äē ACLs å HttpSecurityFilter ä¸įæäēį¨åŧįĸŧčˇ¯åžå¯čŊæčŽæģæč ééæäžäģģæįäŊŋį¨č åį¨ąé˛čĄåå ãæĄæį¨æļå¯čŊæåŠį¨æ¤æŧæ´īŧé˛č觸įŧä¸åæŦéæĒĸæĨåčŊīŧ芲åčŊæįĩææ šæį¨æļįčŧ¸å ĨåģēįĢä¸æĸ Unix Shell æäģ¤ä¸ĻåˇčĄãéå°å°č´äģĨįŽå Spark åˇčĄäŊŋį¨č įčēĢäģŊåˇčĄäģģæį Shell æäģ¤
Detection
2022 åš´ 7 æ 19 æĨ ä¸å 10:06
Opt-in Protection
2022 åš´ 7 æ 19 æĨ ä¸å 7:25
Global Protection
2022 åš´ 7 æ 20 æĨ ä¸å 5:23
Name
CVE
Severity Score
Detect to Protect
Description
垎čģ Windows æ¯æ´č¨ēæˇåˇĨå ˇ (MSDT) é įĢ¯į¨åŧįĸŧåˇčĄæŧæ´ã
Detection
2022 åš´ 5 æ 31 æĨ ä¸å 8:43
Opt-in Protection
2022 åš´ 5 æ 31 æĨ ä¸å 10:06
Global Protection
2022 åš´ 6 æ 1 æĨ ä¸å 5:00
Name
CVE
Severity Score
Detect to Protect
Description
å¨ Spring Cloud Function įæŦ 3.1.6ã3.2.2 åčŧčįæĒæ¯æ´įæŦä¸īŧįļäŊŋį¨čˇ¯įąåčŊæīŧæģæč å¯äģĨæäžįščŖŊį SpEL äŊįēčˇ¯įąčĄ¨éåŧīŧéå¯čŊå°č´é įĢ¯į¨åŧįĸŧåˇčĄä¸ĻååæŦå°čŗæē
Detection
2022 åš´ 3 æ 30 æĨ ä¸å 6:00
Opt-in Protection
2022 åš´ 3 æ 30 æĨ ä¸å 11:09
Global Protection
2022 åš´ 4 æ 1 æĨ ä¸å 7:54
Name
CVE
Severity Score
Detect to Protect
Description
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled
Detection
Dec 10th, 2021 at 8:45 PM
Opt-in Protection
December 11, 2021 at 3:16 AM
Global Protection
December 11, 2021 at 1:47 PM
Name
CVE
Severity Score
Detect to Protect
Description
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution
Detection
Oct 6th, 2021 at 7:19 AM
Opt-in Protection
October 7, 2021 at 2:01 PM
Global Protection
October 8, 2021 at 12:05 AM
Name
CVE
Severity Score
Detect to Protect
Name
CVE
Severity Score
Detect to Protect
Description
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file
Detection
Sep 23rd, 2021 at 8:36 AM
Opt-in Protection
September 23, 2021 at 6:23 PM
Global Protection
September 26, 2021 at 6:37 PM
Name
CVE
Severity Score
Detect to Protect
Description
Windows Print Spooler Elevation of Privilege Vulnerability
Detection
Jul 5th, 2021 at 12:16 PM
Opt-in Protection
July 11, 2021 at 10:52 AM
Global Protection
July 11, 2021 at 6:44 PM
Name
CVE
Severity Score
Detect to Protect
Description
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server
Detection
May 31, 2021 at 10:55 AM
Opt-in Protection
June 1, 2021 at 9:47 PM
Global Protection
June 3, 2021 at 10:24 PM
Name
CVE
Severity Score
Detect to Protect
Description
On specific versions of BIG-IP and BIG-IQ , the iControl REST interface has an unauthenticated remote command execution vulnerability
Detection
Mar 20th, 2021 at 11:43Â PM
Opt-in Protection
Mar 23rd, 2021 at 12:12Â PM
Global Protection
March 23, 2021 at 7:21 PM
Name
CVE
Severity Score
Detect to Protect
Description
Microsoft Exchange Server Remote Code Execution Vulnerability
Detection
March 3, 2021 at 11:03 AM
Opt-in Protection
March 4, 2021 at 10:48 PM
Global Protection
March 7, 2021 at 1:26 PM
Name
CVE
Severity Score
Detect to Protect
Description
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Detection
February 25, 2021 at 10:06 AM
Opt-in Protection
February 25, 2021 at 7:16 PM
Global Protection
February 26, 2021 at 12:03 PM
åŽĸæļįļ常å¨äŋčˇįļ˛įĩĄå åæ°č CVE å¨č æīŧå¨éį¨ãčŗæēåæéä¸éå°å°éŖãåå åĻä¸īŧ
äžæååŋ é éå°čŠ˛ CVE é˛čĄį įŠļä¸Ļéįŧį¸æįįšåžĩįĸŧ
åŽĸæļéčĻå¨įļčˇįĒåŖå §æ¸ŦčŠĻ芲įšåžĩįĸŧ
åŽĸæļæ¸ŦčŠĻåŋ é įĸēäŋ芲įšåžĩįĸŧä¸æä¸æˇæĩéãéäŊæĒĸæ¸ŦæčŊæåŊąéŋį¨æļéĢéŠ
įšåžĩįĸŧåĒæå¨æ¸ŦčŠĻæååžæčŊåį¨
éé éĢåēĻčč˛ģčŗæēįéį¨īŧäŊŋ訹å¤åŽĸæļä¸åžä¸å°å Ĩäžĩé˛įĻĻįŗģįĩą (IPS) åæčŗåĩæ¸Ŧæ¨ĄåŧīŧæéŖäģĨįļææäŊŗįåŽå ¨é˛čˇįæ ãéæéĢäēčĸĢå Ĩäžĩįéĸ¨éĒīŧå įēæģæč æčŠĻååŠį¨æĒäŋŽčŖį CVEīŧįčŗæ¯éåģįæŧæ´ã
Cato įčæŦäŋŽčŖæĩį¨å åĢååæĨéŠīŧå ¨é¨įą Cato åŽå ¨åéč˛ č˛ŦåˇčĄīŧ
čŠäŧ°
čŠäŧ° CVE į åŊąéŋį¯åä¸Ļį įŠļ į¸éæŧæ´ãįšåĨæ¯éå° å¯Ļéä¸åŠį¨æ¤ CVE įŧåæģæįæ æŗé˛čĄåæã
äēč§ŖååŊąéŋį įŗģįĩąéĄåäģĨåå¨č čĄįēč åĻäŊåˇčĄæģæ
éįŧ
åģēįĢæ°įå Ĩäžĩé˛įĻĻįŗģįĩąčĻå äžčæŦäŋŽčŖæ¤æŧæ´
ééåæ¸Ŧ æĩéå čŗæ äžæļé¤čĒ¤å ą
é¸ææ§äŋčˇ
å¨ãæ¨ĄæŦæ¨Ąåŧãä¸ é¸ææ§é¨įŊ˛čæŦčŖä¸
įēįšåŽåŽĸæļ åį¨é¸ææ§é˛čˇ
å ¨įé˛čˇ
å°čæŦčŖä¸ åæįēé˛čˇæ¨Ąåŧ
å¨ææåŽĸæļåæææĩéä¸åŧˇåļåį¨čæŦčŖä¸
æ¤æĩį¨åŽå ¨ä¸éčĻåŽĸæļčŗæēįåčīŧäšä¸æå°åŽĸæļįæĨåéäŊé æäģģäŊéĸ¨éĒã
