NVD slowdown leaves thousands of vulnerabilities without analysis data

March 22, 2024 at 09:53AM NIST has drastically reduced its analysis of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database, posing challenges for IT security professionals. Budget cuts and workload at the organization are the suspected reasons. The cybersecurity community is concerned about the impact, although alternative sources such as Open Source Vulnerabilities are available. …

PoC Published for Critical Fortra Code Execution Vulnerability

March 18, 2024 at 06:45AM PoC code is available for a critical vulnerability (CVE-2024-25153, CVSS score 9.8) in Fortra FileCatalyst Workflow. Attackers can execute arbitrary code through a directory traversal bug in the ‘ftpservlet’ component, potentially leading to web shell execution. SOCRadar warns of threat actor exploitation and advises prompt system updates. Additional details …

Fortinet Patches Critical Vulnerabilities Leading to Code Execution

March 13, 2024 at 06:33AM Fortinet announced patches for critical vulnerabilities in its network security and management products. The flaws, including CVE-2023-42789 and CVE-2023-48788, could lead to code execution and were resolved in various product versions. High-severity and medium-severity bugs were also patched. Users are urged to apply the patches promptly to avoid potential …

March Patch Tuesday sees Hyper-V join the guest-host escape club

March 12, 2024 at 08:21PM Microsoft’s latest Patch Tuesday delivered 61 CVE-tagged vulnerabilities, including two critical bugs affecting the Windows Hyper-V hypervisor. One is a remote code execution (RCE) flaw, while the other is a denial of service (DoS) vulnerability. Other high-severity flaws include a critical RCE in Open Management Infrastructure (OMI) and an elevation of …

Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs

March 12, 2024 at 01:57PM Multiple CVEs across various Microsoft products and services have been reported, with severity levels ranging from Important to Critical. Vulnerabilities including Denial of Service, Elevation of Privilege, and Remote Code Execution pose potential security risks. It is crucial for users to apply the relevant patches and updates to mitigate these vulnerabilities. …

US Gov Says Software Measurability is ‘Hardest Problem to Solve’

February 27, 2024 at 03:27PM The US government is urging software manufacturers to release timely, comprehensive documentation of security vulnerabilities to support efforts to measure code quality and safety. The White House emphasizes the need for long-term investment incentives and the adoption of memory-safe programming languages to improve cybersecurity across the digital ecosystem. This industry-wide …

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws

February 13, 2024 at 03:28PM The article lists CVE IDs and their associated vulnerabilities across various Microsoft products. The list spans different severity levels, such as Important, Moderate, and Critical. It covers vulnerabilities in .NET, Azure Active Directory, Azure DevOps, Azure File Sync, Microsoft Edge, Microsoft Office, Skype for Business, …

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 74 flaws

February 13, 2024 at 02:08PM The article lists vulnerabilities, including CVE IDs, titles, and severity ratings, for various Microsoft products and services, such as .NET, Azure Active Directory, Azure DevOps, Microsoft Edge, and others. It also covers Windows-related vulnerabilities in areas such as Hyper-V, Internet Connection Sharing, Kernel, LDAP, and Message Queuing. Based …

Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error

February 7, 2024 at 08:32AM NVD published two advisories regarding critical command injection vulnerabilities in Fortinet’s FortiSIEM products. However, it was revealed that the CVEs were duplicates of a known vulnerability, issued in error. Fortinet has acknowledged this as a system-level error and is working on rectifying and withdrawing the erroneous entries. MITRE and other …

Reg story prompts fresh security bulletin, review of Juniper Networks’ CVE process

January 30, 2024 at 10:36AM Juniper Networks disclosed, and apologized for previously concealing, vulnerabilities reported by watchTowr researcher Aliz Hammond. The company issued an out-of-cycle security advisory, separately disclosing four vulnerabilities that had been missing individual CVEs. The vulnerabilities affect J-Web in Junos OS on SRX Series and EX Series devices. US CISA warned of the XSS vulnerability and …