GitHub Enterprise Server vulnerable to critical auth bypass flaw

August 21, 2024 at 10:22AM A critical vulnerability, CVE-2024-6800, in GitHub Enterprise Server allows an attacker to gain admin privileges by exploiting a problem with SAML authentication. Over 36,500 GHES instances are accessible online, mostly in the US. GitHub has released fixed versions and warns of potential errors and issues during the update process. Based …

Critical GitLab bug lets attackers run pipelines as any user

June 27, 2024 at 10:57AM A critical vulnerability affecting certain versions of GitLab allows running pipelines as any user, with a severity score of 9.6 out of 10. It impacts versions from 15.8 through 16.11.4, 17.0.0 to 17.0.2, and 17.1.0 to 17.1.0, with updates to versions 17.1.1, 17.0.3, and 16.11.5 available. Two breaking changes and …

1-Click Takeover Bug in AWS Apache Airflow Reveals Larger Risk

March 21, 2024 at 01:33PM A bug in an AWS workflow management service led to cookie tossing, revealing a broader issue affecting major cloud services. The bug affected users of the AWS workflow management service, potentially exposing them to cookie tossing. However, this incident has also …

Microsoft Patches Xbox Vulnerability Following Public Disclosure

March 21, 2024 at 09:45AM Microsoft has released a patch for an Xbox vulnerability (CVE-2024-2891) categorized as ‘important’ severity, allowing local attackers with low privileges to escalate to System. The fix is automatically delivered to users with automatic updates enabled. This follows initial reluctance by Microsoft to acknowledge the issue, which was later publicly disclosed …

Fortra Releases Update on Critical Severity RCE Flaw

March 19, 2024 at 05:52PM The flaw has a high CVSS rating of 9.8, prompting the company to advise product upgrades for resolution.

Microsoft pulls Edge update causing ‘Out of Memory’ crashes

March 1, 2024 at 10:46AM Microsoft pulled the Edge 122.0.2365.63 update due to widespread “Out of Memory” errors reported by users. The issue primarily affected Windows 10 and 11 users, crashing the browser and displaying memory-related errors. The problem was linked to the Enhanced Web Protection feature and could be resolved by adjusting security settings. …

Wyze investigating ‘security issue’ amid ongoing outage

February 16, 2024 at 04:49PM Wyze Labs is addressing a service outage and connectivity issues due to an AWS problem. Wyze is working to resolve device connection and login difficulties in collaboration with AWS. However, they have also noted a potential security issue and temporarily disabled the “Events” tab in the app. Customers are advised …