Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations

July 2, 2024 at 05:18AM
PTC, a product lifecycle management solutions provider, released a patch for a critical vulnerability found in the license server for their Creo Elements/Direct product, affecting version 20.7.0.0 and prior. The flaw, assigned CVE-2024-6071 with a CVSS score of 10, allows unauthenticated remote attackers to execute arbitrary OS commands, potentially enabling …

JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens

June 11, 2024 at 03:02PM
JetBrains has issued a security warning concerning a critical vulnerability in its IntelliJ integrated development environment (IDE) apps, CVE-2024-37051. The flaw, affecting versions 2023.1 onwards with the GitHub plugin, exposes access tokens. Security updates have been released for affected IDEs, and customers are advised to update and revoke GitHub tokens. …

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws

May 14, 2024 at 01:54PM
Today’s Microsoft Patch Tuesday includes updates for 61 flaws, with one critical vulnerability fixed in Microsoft SharePoint Server. It addresses 17 elevation of privilege vulnerabilities, two security feature bypass vulnerabilities, 27 remote code execution vulnerabilities, seven information disclosure vulnerabilities, three denial of service vulnerabilities, and four spoofing vulnerabilities. Additionally, three …

December Android updates fix critical zero-click RCE flaw

December 4, 2023 at 02:46PM
Google’s December 2023 Android update fixes 85 vulnerabilities, including a critical zero-click RCE bug in the System component and other high-severity issues. The most severe flaw allows remote execution without privileges or user interaction. Two zero-days were previously patched in October. Updates are released in two sets, with rollout times …

Virtual Alarm: VMware Issues Major Security Advisory

October 25, 2023 at 03:40PM
VMware has advised customers to update their vCenter Servers due to a critical flaw that could result in remote code execution. The flaw, assigned a high severity score of 9.8, is an out-of-bounds write vulnerability in the DCERPC protocol. It is considered a serious threat to the confidentiality, integrity, …

VMware fixes critical code execution flaw in vCenter Server

October 25, 2023 at 05:06AM
VMware has released security updates to address a critical vulnerability in vCenter Server that can be exploited for remote code execution attacks. The vulnerability (CVE-2023-34048) can be exploited remotely by unauthenticated attackers without user interaction. VMware has made patches available for affected products, including end-of-life versions. Administrators are advised to …

US cybercops urge admins to patch amid ongoing Confluence chaos

October 17, 2023 at 09:06AM
US authorities have urged network admins to patch a critical vulnerability in Atlassian Confluence Data Center and Server due to ongoing nation-state exploitation. The potential consequences of the exploit are severe, as attackers could create new admin accounts for themselves. The attackers have already demonstrated sophistication by attempting to modify …