Oracle Patches Exploited Agile PLM Zero-Day

November 20, 2024 at 05:36AM Oracle announced patches for a critical information disclosure vulnerability (CVE-2024-21287) in Agile Product Lifecycle Management (PLM), which has been actively exploited. The flaw allows remote, unauthenticated attackers to access files under PLM application privileges. Users are urged to apply the updates promptly, as support for Agile PLM will end in …

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

November 20, 2024 at 12:18AM Oracle has alerted users about a high-severity vulnerability (CVE-2024-21287) in the Agile Product Lifecycle Management Framework, which is being actively exploited. This flaw allows unauthenticated access to sensitive files. Users are urged to apply patches immediately for protection, as details on the attackers remain unknown.

Discontinued GeoVision Products Targeted in Botnet Attacks via Zero-Day

November 18, 2024 at 09:34AM Discontinued GeoVision video surveillance products are facing botnet attacks due to a critical zero-day vulnerability (CVE-2024-11120). This flaw allows remote attackers to execute commands without authentication. The affected models, now unsupported, include GV-VS12 and GV-VS11. Users are urged to replace these devices to mitigate risks.

Warning! FortiManager critical vulnerability under active attack

October 23, 2024 at 06:56PM Fortinet disclosed a critical flaw (CVE-2024-47575) in its FortiManager software, allowing remote attackers to execute arbitrary code. With a CVSS score of 9.8, it’s actively exploited. Users are urged to update their software immediately. CISA added it to its Known Exploited Vulnerabilities Catalog, warning of significant user exposure.

Critical F5 Central Manager Vulnerabilities Allow Full Device Takeover

May 9, 2024 at 02:19AM Two security vulnerabilities in F5 Next Central Manager could allow threat actors to gain control of devices and create hidden administrator accounts. The flaws, CVE-2024-21793 and CVE-2024-26026, impact versions 20.0.1 to 20.1.0 and have been addressed in version 20.2.0. Exploitation could lead to full control of the device and the …

Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product

April 17, 2024 at 08:48AM Ivanti, an IT software company, released version 6.4.3 to fix 27 vulnerabilities in its Avalanche MDM product. These include critical-severity bugs allowing remote command execution without authentication. The patches also address high-severity flaws, medium-severity issues, and denial-of-service vulnerabilities. Ivanti recommends all customers update their Avalanche installations promptly to avoid potential …

Oracle Patches 230 Vulnerabilities With April 2024 CPU

April 17, 2024 at 07:19AM Oracle released 441 new security patches in April 2024, with over 200 addressing flaws exploitable by remote, unauthenticated attackers. Oracle Communications received the most patches (93), followed by Fusion Middleware (51) and Financial Services Applications (49). Additionally, separate fixes were released for vulnerabilities affecting multiple applications. Customers are advised to …

Cisco Warns of Vulnerability in Discontinued Small Business Routers

April 5, 2024 at 11:54AM Cisco issued a warning about a cross-site scripting (XSS) vulnerability in end-of-life RV series small business routers, impacting discontinued models RV016, RV042, RV042G, RV082, RV320, and RV325. The flaw, CVE-2024-20362, is remotely exploitable and lacks a workaround. Cisco also announced other vulnerability patches, including a high-severity defect in Nexus Dashboard …

Critical Cisco bug exposes Expressway gateways to CSRF attacks

February 7, 2024 at 01:30PM Cisco has addressed critical vulnerabilities in its Expressway Series gateways through patches, mitigating the risk of cross-site request forgery (CSRF) attacks. These security flaws could allow attackers to remotely target and manipulate vulnerable systems. Expressway Series devices with default configurations are impacted by the vulnerabilities, prompting the need for migration …

Oracle Patches 185 Vulnerabilities With October 2023 CPU

October 18, 2023 at 08:48AM Oracle has released 387 new security patches as part of the October 2023 CPU. Over 40 patches address critical-severity flaws and more than 200 resolve bugs that can be remotely exploited. The patches cover various Oracle products, with Financial Services Applications receiving the most fixes. Oracle advises customers to apply …