Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations

July 2, 2024 at 05:18AM
PTC, a product lifecycle management solutions provider, released a patch for a critical vulnerability found in the license server for their Creo Elements/Direct product, affecting version 20.7.0.0 and prior. The flaw, assigned CVE-2024-6071 with a CVSS score of 10, allows unauthenticated remote attackers to execute arbitrary OS commands, potentially enabling …

Fortinet Patches Code Execution Vulnerability in FortiOS

June 12, 2024 at 12:45PM
Fortinet has released patches for multiple vulnerabilities in FortiOS, including stack-based buffer overflow flaws leading to unauthorized code execution. The most severe issue, CVE-2024-23110, impacts FortiOS 6.x and 7.x. Other vulnerabilities include CVE-2024-26010, CVE-2023-46720, and CVE-2024-3661. Customers are advised to upgrade to fixed releases to mitigate potential exploitation. Based on …

Apple Patches Vision Pro Vulnerability Used in Possibly ‘First Ever Spatial Computing Hack’

June 11, 2024 at 09:52AM
Apple released visionOS 1.2 to address numerous vulnerabilities, with the standout CVE-2024-27812 specific to the Vision Pro headset. The update also prompted new security advisories for iOS, macOS, and other products, consolidating CVEs. The vulnerabilities could lead to code execution, information disclosure, and DoS, with the acknowledged researcher considering it …

SolarWinds Flaw Flagged by NATO Pen Tester

June 7, 2024 at 02:23PM
SolarWinds released version 2024.2 with new features, upgrades, and security patches. This includes fixing a high-severity SWQL injection bug (CVE-2024-28996), reported by a NATO-affiliated penetration tester. Other flaws fixed are a high-severity cross-site scripting flaw (CVE-2024-29004) and a medium-severity race condition vulnerability. The update also enhances map functionality and overall stability. …

Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking

June 4, 2024 at 06:24AM
Cox Communications recently patched several vulnerabilities in their modems, preventing potential remote takeovers by hackers. Discovered in March by expert Sam Curry, the flaws allowed attackers to bypass authorization, gaining control of millions of modems and potentially accessing customer data. Cox promptly addressed the issue after being notified. Key Meeting …

High-severity GitLab flaw lets attackers take over accounts

May 23, 2024 at 01:50PM
GitLab addressed a high-severity XSS vulnerability allowing unauthenticated attackers to compromise user accounts. Additionally, six medium-severity flaws were fixed, including a CSRF issue and a denial-of-service bug. These vulnerabilities allowed for account takeovers and disruption of services. GitLab urged immediate software updates due to potential impacts on sensitive data and …

Critical Authentication Bypass Resolved in GitHub Enterprise Server

May 22, 2024 at 09:03AM
GitHub has released patches for a critical-severity vulnerability in Enterprise Server, impacting instances using SAML SSO authentication and encrypted assertions. The CVE-2024-4985 vulnerability allows unauthorized access to administrative privileges. GitHub advises updating to patched releases 3.9.15, 3.10.12, 3.11.10, or 3.12.4 to mitigate the risk. Users are urged to prioritize implementing …

Third Chrome Zero-Day Patched by Google Within One Week

May 16, 2024 at 05:09AM
Google released Chrome 125 with patches for nine vulnerabilities, including high-severity bugs CVE-2024-4947 and CVE-2024-4948. Exploitation of CVE-2024-4947 could allow remote code execution, and Google acknowledged its exploitation in the wild. Updates are advised due to recent zero-day vulnerabilities. Bug bounty details have not been disclosed. From the meeting notes, …

Got an unpatched LG ‘smart’ television? It could be watching you back

April 9, 2024 at 02:09PM
Multiple bugs in LG’s WebOS on smart TVs permit attackers to gain root access and control the device. Bitdefender Labs identified four vulnerabilities, affecting WebOS versions 4-7, with CVSS ratings of up to 9.1. These flaws enable account creation and command execution, a PIN/prompt bypass, and manipulation of the music-lyrics …

Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems

April 4, 2024 at 08:30AM
Progress Software has released patches for a critical vulnerability in its widely used network monitoring and security solution, Flowmon, which could allow remote, unauthenticated attackers to gain access to systems. Tracked as CVE-2024-2389 with the highest severity rating, the bug was fixed in versions 11.1.14 and 12.3.5. Users should update …