Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities

August 14, 2024 at 06:57AM Intel and AMD disclose multiple vulnerabilities in their products. Intel’s 43 advisories cover around 70 security holes, including high-severity flaws impacting various products. Medium-severity vulnerabilities were also patched in several hardware and software products and technologies. Similarly, AMD issued eight advisories addressing 46 vulnerabilities, including high-severity issues and plans to mitigate new …

Chrome, Firefox Updates Patch Serious Vulnerabilities 

August 7, 2024 at 04:24AM Mozilla and Google released updates for their web browsers, patching a total of 20 vulnerabilities. Google’s Chrome version 127.0.6533.99 fixed six vulnerabilities of various severity, including a critical out-of-bounds memory access issue. Meanwhile, Mozilla’s Firefox version 129 addressed 14 vulnerabilities, 11 of which are rated as high severity. Both companies …

Chrome 127 Patches 24 Vulnerabilities

July 24, 2024 at 08:39AM Google released Chrome 127, addressing 24 vulnerabilities, with memory safety bugs and high-severity flaws the most prevalent. The update includes patches for high and medium-severity vulnerabilities, as well as low-severity issues, awarding over $55,000 in bug bounty rewards. Users are encouraged to update promptly, with specifics on vulnerabilities withheld until …

Oracle Patches 240 Vulnerabilities With July 2024 CPU

July 17, 2024 at 06:03AM Oracle announced 386 new security patches in its July 2024 Critical Patch Update (CPU), addressing over 260 unauthenticated, remotely exploitable vulnerabilities. The update includes roughly 240 unique CVEs, with notable patches for Communications and Financial Services Applications. Oracle urges customers to apply patches promptly to avoid exploitation as threat actors …

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

July 12, 2024 at 08:00AM A critical security issue in the Exim mail transfer agent has a 9.1 out of 10.0 CVSS score (CVE-2024-39929). Attackers can deliver malicious attachments to user inboxes, potentially compromising systems. Over 1.5 million Exim servers are vulnerable, primarily in the U.S., Russia, and Canada. It’s essential to apply the patches …

GitLab Security Updates Patch 14 Vulnerabilities

June 27, 2024 at 10:04AM GitLab released security patches for GitLab Community Edition and Enterprise Edition, addressing 14 vulnerabilities, including critical and high-severity flaws. The critical issue, CVE-2024-5655, could allow unauthorized pipeline triggering. The updates also address various vulnerabilities, including cross-site scripting and improper authorization. Users are advised to update to versions 17.1.1, 17.0.3, or …

SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester

June 7, 2024 at 07:00AM SolarWinds released patches for high-severity vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a NATO pentester. Version 2024.2 includes fixes for three security defects and multiple bugs in third-party components. The vulnerabilities impact SolarWinds Platform 2024.1 SR 1 and previous versions. Users are urged to update …

Vulnerabilities Patched in Kiuwan Code Security Products After Long Disclosure Process

June 6, 2024 at 08:18AM Kiuwan, a code security firm owned by US-based Idera, took almost two years to patch critical vulnerabilities in its SAST and Local Analyzer products. Discovered by SEC Consult, the flaws included XSS, XXE injection, privilege escalation, and IDOR issues, posing significant security risks to users. Despite extensive coordination, Kiuwan’s response …

Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes

June 5, 2024 at 01:38PM Zyxel released security patches for its obsolete NAS326 and NAS542 devices after critical vulnerabilities were reported by an intern at a security vendor. The vulnerabilities, including a backdoor account and code injection flaws, could lead to remote code execution and other issues. Patches are available despite the devices reaching end-of-life …

Researchers claim Windows Defender can be fooled into deleting databases

April 22, 2024 at 12:33AM SafeBreach researchers at Black Hat Asia revealed flaws in Microsoft and Kaspersky security products, allowing remote file deletion even after patching. By implanting malware signatures into legitimate files, attackers could trigger the deletion. Though patches were issued, researchers bypassed them and reported further vulnerabilities, emphasizing the complexity of fixing remote …